CVE-2025-26519 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2025-26519

CVE-2025-26519

February 14, 2025

musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.

Related Resources (9)

http://www.openwall.com/lists/oss-security/2025/02/14/6

http://www.openwall.com/lists/oss-security/2025/02/13/5

http://www.openwall.com/lists/oss-security/2025/02/13/2

https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da

https://www.openwall.com/lists/oss-security/2025/02/13/2

http://www.openwall.com/lists/oss-security/2025/02/13/4

http://www.openwall.com/lists/oss-security/2025/02/13/3

http://www.openwall.com/lists/oss-security/2025/02/14/5

https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659

Do you need more information?

CVSS v4

Base Score:

8.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

LOW

Subsequent System Confidentiality

HIGH

Subsequent System Integrity

HIGH

Subsequent System Availability

LOW

CVSS v3

Base Score:

8.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

EPSS

Base Score:

0.02

Products

Solutions

Resources

Company

Compare

Developer Tools