SB2026071529 - Multiple vulnerabilities in Content Credentials SDKs
Published: July 15, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 vulnerabilities.
1) Integer overflow (CVE-ID: CVE-2026-34711)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to integer overflow or wraparound in Content Credentials Rust SDK when parsing input. A remote attacker can send specially crafted input to cause a denial of service.
2) Input validation error (CVE-ID: CVE-2026-34712)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in Content Credentials Rust SDK when parsing input. A remote attacker can send specially crafted input to cause a denial of service.
3) Resource exhaustion (CVE-ID: CVE-2026-34713)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled resource consumption in Content Credentials Rust SDK when parsing input. A remote attacker can send specially crafted input to cause a denial of service.
4) Resource exhaustion (CVE-ID: CVE-2026-47902)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled resource consumption in Content Credentials Rust SDK when parsing input locally. A remote attacker can supply specially crafted input to cause a denial of service.
5) Input validation error (CVE-ID: CVE-2026-47903)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in Content Credentials Rust SDK when parsing input locally. A remote attacker can supply specially crafted input to cause a denial of service.
6) Resource exhaustion (CVE-ID: CVE-2026-47904)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled resource consumption in Content Credentials Rust SDK when parsing input locally. A remote attacker can supply specially crafted input to cause a denial of service.
7) Resource exhaustion (CVE-ID: CVE-2026-47905)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled resource consumption in Content Credentials Rust SDK when parsing input locally. A remote attacker can supply specially crafted input to cause a denial of service.
8) Path traversal (CVE-ID: CVE-2026-34657)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform an arbitrary file system write.
The vulnerability exists due to path traversal in Content Credentials Rust SDK when handling crafted file paths. A remote attacker can trick the victim into opening crafted content to perform an arbitrary file system write.
User interaction is required to open crafted content.
Remediation
Install update from vendor's website.