EUVD-2026-39530

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table,...

CVE-2026-56787

RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decodessr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit thi...

CVE-2026-56789

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

CVE-2026-56787

RTKLIB 2.4.3 is affected by an off-by-one out-of-bounds read in decode_ssr3 (src/rtcm3.c:1446) triggered by crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Attackers can send malicious SSR correction streams over NTRIP or serial connections to cause denial of service or a ...