### Impact The trie language model code introduced in PocketSphinx 5prealpha failed to check various boundary conditions when reading the headers of ARPA, DMP, and binary format language model files. In the case of invalid, corrupted or malicious input files, this could lead to stack and heap buffer overflows. In addition, the acoustic model loading code (which is over 30 years old...) contains
PoC Research
CVE-2026-54559
GHSA
Update to v5.1.1