CVE-2025-26519

Published Feb 14, 2025

Last updated 9 days ago

CVSS high 8.1

Overview

Description
musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.
Source
cve@mitre.org
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.1
Impact score
6
Exploitability score
1.4
Vector string
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-787

Social media

Hype score
Not currently trending

  1. CVE-2025-26519 Exposes Applications Using musl libc to Remote Code Execution Explore the details of CVE-2025-26519, a serious vulnerability in musl libc that allows arbitrary code execution on systems https://t.co/L6Hb08CwaK

    @the_yellow_fall

    19 Feb 2025

    408 Impressions

    2 Retweets

    7 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  2. Security Advisory (CVE-2025-26519) for musl libc: https://t.co/qhvUN1Silv All users running applications which use iconv with untrusted input (see link for details of what usage is affected) should patch ASAP.

    @gnutools

    17 Feb 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ๐Ÿšจ CVE-2025-26519 ๐Ÿ”ด HIGH (8.1) ๐Ÿข musl-libc - musl ๐Ÿ—๏ธ 0.9.13 ๐Ÿ”— https://t.co/cxaqiY76cM ๐Ÿ”— https://t.co/9pSdHQQNgk ๐Ÿ”— https://t.co/T733mNELMe #CyberCron #VulnAlert https://t.co/2dqRdPoKLP

    @cybercronai

    16 Feb 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-26519 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8. https://t.co/P0Jp2tgo2s

    @CVEnew

    14 Feb 2025

    510 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() https://t.co/2miucSNnjS

    @jedisct1

    13 Feb 2025

    83 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() https://t.co/Cwq2Wpe9Fj

    @andersonc0d3

    13 Feb 2025

    176 Impressions

    0 Retweets

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() https://t.co/YNDQehMiEA for the vulnerability to be exposed, an application must call iconv_open with output encoding UTF-8 and input encoding EUC-KR and must subsequently process untrusted input

    @oss_security

    13 Feb 2025

    1365 Impressions

    5 Retweets

    12 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

References