Vulnerability Summary Vulnerability Overview CVE ID: CVE-2026-26738 Affected Software: Uderzo Software SpaceSniffer Affected Version: 2.0.5.18 Vulnerability Type: Stack-based Buffer Overflow Detailed Description: SpaceSniffer uses an attacker-controlled length value as the size argument for when parsing proprietary snapshot files (.sns), writing to a fixed-size 8192-byte stack buffer without performing boundary checks. A crafted .sns file can trigger stack memory corruption and enable arbitrary code execution when a user opens the snapshot. Scope of Impact Affected Functionality: Snapshot open/import (.sns) functionality within the SpaceSniffer GUI. Attack Vector: A remote attacker can distribute malicious .sns files and use social engineering to induce victims to open or import the file. Security Impact: Confirmed Impact: Stack memory corruption and application crash occur when opening a crafted .sns file. Proof of Concept (PoC) Impact: Arbitrary code execution is achieved within the context of the user running SpaceSniffer. (The PoC uses as benign evidence of execution and demonstrates bypassing Data Execution Prevention (DEP) via Return-Oriented Programming (ROP)). Remediation This issue has been resolved in version 2.1.0.21. PoC Code The provided screenshots do not display the complete PoC source code; they only show a screenshot of "PoC generator execution using Python." Exploit Payload Description**: A crafted .sns snapshot file containing an oversized length value that causes a stack overflow during parsing.