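GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system. Note that the trigger described here is a crafted input file, whereas the CVSS 3.1 vector in the record below (AV:N/PR:N/UI:N, base score 9.8) rates the flaw as reachable over the network without user interaction; that rating presumably applies where barcode encodes data supplied by untrusted parties, so assess exposure by how input reaches the tool. The record lists only version 0.99 as affected and references no fixed release or patch.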
PUBLISHED | 5.2 | CWE-787
GNU Barcode 0.99 Buffer Overflow in Code 93 Encoding Mechanism
Problem type
Affected products
The GNU Project | Free Software Foundation, Inc.
GNU Barcode
0.99 - AFFECTED
References
ExploitDB-44797
https://www.exploit-db.com/exploits/44797
GNU Barcode Official Product Page
https://www.gnu.org/software/barcode/
FSF Directory Entry for Barcode
https://directory.fsf.org/wiki/Barcode
GitHub Security Advisories
GHSA-fv28-hc36-43g9
GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that...
https://github.com/advisories/GHSA-fv28-hc36-43g9
GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2018-25154
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2018-25154",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2025-12-24T20:24:32.336Z",
"dateReserved": "2025-12-24T14:28:02.436Z",
"datePublished": "2025-12-24T19:27:53.486Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2025-12-24T19:27:53.486Z"
},
"title": "GNU Barcode 0.99 Buffer Overflow in Code 93 Encoding Mechanism",
"descriptions": [
{
"lang": "en",
"value": "GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system."
}
],
"affected": [
{
"vendor": "The GNU Project | Free Software Foundation, Inc.",
"product": "GNU Barcode",
"versions": [
{
"version": "0.99",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Out-of-bounds Write",
"cweId": "CWE-787",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/44797",
"name": "ExploitDB-44797",
"tags": [
"exploit"
]
},
{
"url": "https://www.gnu.org/software/barcode/",
"name": "GNU Barcode Official Product Page",
"tags": [
"product"
]
},
{
"url": "https://directory.fsf.org/wiki/Barcode",
"name": "FSF Directory Entry for Barcode",
"tags": [
"product"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
}
],
"credits": [
{
"lang": "en",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab",
"type": "finder"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-12-24T20:24:32.336Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}