CVE-2025-15536

CVE-2025-15536

Name

CVE-2025-15536

Description

A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
patch	https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec
issue-tracking	https://github.com/BYVoid/OpenCC/issues/997
issue-tracking	https://github.com/BYVoid/OpenCC/pull/1005
exploit	https://github.com/oneafter/1222/blob/main/repro
signature	https://vuldb.com/?ctiid.341708
vdb-entry	https://vuldb.com/?id.341708
third-party-advisory	https://vuldb.com/?submit.733347

Type

URI

patch

https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec

issue-tracking

https://github.com/BYVoid/OpenCC/issues/997

issue-tracking

https://github.com/BYVoid/OpenCC/pull/1005

exploit

https://github.com/oneafter/1222/blob/main/repro

signature

https://vuldb.com/?ctiid.341708

vdb-entry

https://vuldb.com/?id.341708

third-party-advisory

https://vuldb.com/?submit.733347

Match rules

CPE URI	Source package	Min version	Max version
	opencc	== 1.1.0	== None
	opencc	== 1.1.1	== None
	opencc	== 1.1.2	== None
	opencc	== 1.1.3	== None
	opencc	== 1.1.4	== None
	opencc	== 1.1.5	== None
	opencc	== 1.1.6	== None
	opencc	== 1.1.7	== None
	opencc	== 1.1.8	== None
	opencc	== 1.1.9	== None
`cpe:2.3:a:byvoid:open_chinese_convert::::::::`	open_chinese_convert	>= None	<= 1.1.9

CPE URI

Source package

Min version

Max version

opencc

== 1.1.0

== None

opencc

== 1.1.1

== None

opencc

== 1.1.2

== None

opencc

== 1.1.3

== None

opencc

== 1.1.4

== None

opencc

== 1.1.5

== None

opencc

== 1.1.6

== None

opencc

== 1.1.7

== None

opencc

== 1.1.8

== None

opencc

== 1.1.9

== None

cpe:2.3:a:byvoid:open_chinese_convert:*:*:*:*:*:*:*:*

open_chinese_convert

>= None

<= 1.1.9

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
opencc	edge-community	1.2.0-r0	mio <miyopan@e.email>	possibly vulnerable
opencc	edge-community	1.1.9-r2	Celeste <cielesti@protonmail.com>	possibly vulnerable
opencc	edge-community	1.1.9-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable
opencc	edge-community	1.1.9-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
opencc	3.23-community	1.1.9-r2	Celeste <cielesti@protonmail.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

opencc

edge-community

1.2.0-r0

mio <miyopan@e.email>

possibly vulnerable

opencc

edge-community