Source: capstone Version: 5.0.6-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for capstone. CVE-2025-67873[0]: | Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and | prior, Skipdata length is not bounds-checked, so a user-provided | skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than | 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the | disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 | fixes the issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-67873 https://www.cve.org/CVERecord?id=CVE-2025-67873 [1] https://github.com/capstone-engine/capstone/security/advisories/GHSA-hj6g-v545-v7jg [2] https://github.com/capstone-engine/capstone/commit/cbef767ab33b82166d263895f24084b75b316df3 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
