CVE-2026-1188 | THREATINT

Description

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to account for the separator when determining when a write to the buffer was safe could lead to a buffer overflow. This issue is fixed in Eclipse OMR version 0.8.0.

PUBLISHED Reserved 2026-01-19 | Published 2026-01-29 | Updated 2026-01-29 | Assigner eclipse

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Problem types

CWE-131 Incorrect Calculation of Buffer Size

Product status

Default status

unaffected

0.2.0 (semver) before 0.8.0

affected

Credits

Daryl Maier finder

References

github.com/eclipse-omr/omr/pull/8082

cve.org (CVE-2026-1188)

nvd.nist.gov (CVE-2026-1188)

Download JSON