CVE-2025-0633 : Heap-based Buffer Overflow vulnerability in iniparser_dumpsection

Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory

Published 2025-02-19 07:15:34

Updated 2025-02-19 07:15:34

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2025-0633

Please log in to view affected product information.

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 3 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.1	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/V...	N/A	N/A	Samsung TV & Appliance	2025-02-19
Attack Vector: Local Attack Complexity: Low Attack Requirements: None Privileges Required: None User Interaction: None Confidentiality (VC): Low Integrity (VI): None Availability (VA): None

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Assigned by: PSIRT@samsung.com (Secondary)

https://gitlab.com/iniparser/iniparser/-/issues/177

Heap Overflow in iniparser.c-> iniparser_dumpsection_ini() (#177) · Issues · iniparser / iniparser · GitLab

Jump to