CVE-2025-47868

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.5%
top 35.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache Nuttx Rtos: Tools/bdf-converter.Apache Nuttx
Timeline
PublishedJun 16

Description

Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation). This issue affects Apache NuttX: from 6.9 before 12.9.0. Users are

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDapache/nuttx6.912.9.0

🔴Vulnerability Details

2
CVEList
Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition.2025-06-16
GHSA
GHSA-fj9m-mxr3-fvf7: Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that2025-06-16
CVE-2025-47868 (CRITICAL CVSS 9.8) | Out-of-bounds Write resulting in po | cvebase.io