Critical Alert 3 Active Exploits Detected Today

CVE-2026-58644 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability →
CVE-2026-25089 Fortinet FortiSandbox OS Command Injection Vulnerability →
CVE-2026-39808 Fortinet FortiSandbox OS Command Injection Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower


← Back to CVE List

CVE-2026-54559NVD

Vulnerability Summary

### Impact

The trie language model code introduced in PocketSphinx 5prealpha failed to check various boundary conditions when reading the headers of ARPA, DMP, and binary format language model files. In the case of invalid, corrupted or malicious input files, this could lead to stack and heap buffer overflows.

In addition, the acoustic model loading code (which is over 30 years old...) contains numerous instances of `sscanf` with an unbounded string field which could also lead to stack overflows in the case of corrupt or malicious inputs.

Because PocketSphinx will search the directory given by the `POCKETSPHINX_PATH` environment variable for acoustic and language model files, if this directory is writable by untrusted users, an attacker could corrupt an existing file or write a malicious one to this directory in order to trigger the vulnerability.

### Patches

The problem has been corrected in PocketSphinx 5.1.1.

There is no patch currently available for users of Pocketsphinx 5prealpha, who are encouraged to migrate as soon as possible to PocketSphinx 5.1.1.

### Workarounds

Ensure that the `POCKETSPHINX_PATH` environment variable is either unset, or set to a directory whose contents are trusted and which cannot be written by untrusted users.
Severity Level
MEDIUM
Published Date
Jul 17, 2026
Last Modified
Jul 17, 2026
Exploitation Status
No confirmed exploitation yet
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
N/A

External References