CVE-2025-26519Out-of-bounds Write in Musl

CWE-787Out-of-bounds Write5 documents5 sources
Severity
7.0HIGHNVD
CNA8.1
EPSS
0.0%
top 89.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Musl-libc Musl
Timeline
PublishedFeb 14

Description

musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages3 packages

CVEListV5musl-libc/musl0.9.131.2.6
NVDmusl-libc/musl0.9.131.2.6
Debianmusl-libc/musl< 1.2.5-2+1

Patches

Patch: git.musl-libc.orgPatch: git.musl-libc.org

🔴Vulnerability Details

3
GHSA
GHSA-xpv5-92cc-8f65: musl libc 02025-02-14
OSV
CVE-2025-26519: musl libc 02025-02-14
CVEList
CVE-2025-26519: musl libc 02025-02-14

📋Vendor Advisories

1
Debian
CVE-2025-26519: musl - musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerabi...2025
CVE-2025-26519 — Out-of-bounds Write in Musl-libc Musl | cvebase