CVE-2025-50165

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions (affected versions not specified)

Description A critical issue exists in the Microsoft Windows Graphics Component, specifically within the windowscodecs.dll library. This flaw is an untrusted pointer dereference that allows a remote, unauthorized attacker to execute arbitrary code on a vulnerable system. The issue can be triggered by a specially crafted JPEG image, which can be embedded within documents like Microsoft Office files or even sent as an email attachment. The vulnerability does not require user interaction in some cases. Exploitation involves techniques like heap spraying and Return-Oriented Programming (ROP) chains. Control Flow Guard (CFG) is disabled by default for the 32-bit version of windowscodecs.dll, while the 64-bit version requires a CFG bypass for successful exploitation. The vulnerability affects any application that utilizes the Windows Graphics library.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.