cvedb.io
CVE-2025-67873
MEDIUM · CVSS 4.8
EPSS exploitation probability: 0%
Published 2025-12-17T22:16:00.147 · Last modified 2026-06-17T09:58:12.490

Summary

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue.

Affected products

capstone-engine — capstone

Does this affect you?

Add your gear to cvedb and we'll alert you only when capstone-engine ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.