CVE-2025-67873
MEDIUMDescription
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue.
Is your site exposed to CVE-2025-67873?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| capstone-engine | capstone |
| capstone-engine | capstone |
| capstone-engine | capstone |
| capstone-engine | capstone |
| capstone-engine | capstone |
| capstone-engine | capstone |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-67873? +
How severe is CVE-2025-67873? +
What products are affected by CVE-2025-67873? +
How do I check if I'm vulnerable to CVE-2025-67873? +
Related Vulnerabilities
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged …
vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This …
The illumos SCTP inbound path performs association lookup for INIT ACK chunks without adequately validating the address parameters carried in …
A time-of-check to time-of-use (TOCTOU) flaw in the illumos data-link pseudo-driver (dld) affects handling of the DLDIOC_GETMACPROP and DLDIOC_SETMACPROP ioctls …
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for …
A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. …