CVE-2026-2016 PUBLISHED

A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 82f66af3e252e3e137dba0c3891570f085e79adf. Applying a patch is the recommended action to fix this issue.

• liloler (VulDB User) reporter

• VDB-344598 | happyfish100 libfastcommon base64.c base64_decode stack-based overflow
• VDB-344598 | CTI Indicators (IOB, IOC, IOA)
• Submit #743873 | happyfish100 libfastcommon V1.0.84 and earlier Heap-based Buffer Overflow
• https://github.com/happyfish100/libfastcommon/issues/55
• https://github.com/happyfish100/libfastcommon/issues/55#issuecomment-3776757848
• https://github.com/happyfish100/libfastcommon/issues/55#issue-3836362577
• https://github.com/happyfish100/libfastcommon/commit/82f66af3e252e3e137dba0c3891570f085e79adf
• https://github.com/happyfish100/libfastcommon/

• Stack-based Buffer Overflow CWE
• Memory Corruption CWE