CVE-2025-1471 — Out-of-bounds Write in Foundation Eclipse OMR

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 71.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eclipse Foundation Eclipse OMR Eclipse OMR

Timeline

PublishedFeb 21

Description

In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized correctly and checked appropriately to prevent buffer overflows.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5eclipse_foundation/eclipse_omr0.2.0 — 0.4.0

▶NVDeclipse/omr0.2.0 — 0.4.0

Patches

Patch: github.com ↗

🔴Vulnerability Details

CVEList

Eclipse OMR: Buffer overflow vulnerability↗2025-02-21

▶

GHSA

GHSA-w5mv-5x6q-jgmp: In Eclipse OMR versions 0↗2025-02-21

▶