PT-2025-51920 · Capstone+1 · Capstone+1

Finder16 · Published 2025-12-17 · Updated 2026-03-25 · CVE-2025-67873

CVSS v3.1: 7.8 High (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions

Capstone versions 6.0.0-Alpha5 and prior

Description

Capstone, a disassembly framework, does not properly validate the length of skipdata. A user-provided skipdata callback can trigger a heap buffer overflow in the disassembly path by making cs_disasm/cs_disasm_iter write beyond the memory allocated for cs_insn.bytes, that is, more than 24 bytes. The cause is insufficient bounds checking.

Recommendations

Update to a version later than 6.0.0-Alpha5.
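
For applications that register their own skipdata callback and cannot update yet, the return value can be bounded before Capstone sees it. The wrapper below is an added example, not Capstone's code and not the upstream fix; the callback type is declared locally to match Capstone's cs_skipdata_cb_t, and clamp_ctx, clamped_skipdata and skip_rest are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

#define INSN_BYTES_MAX 24  /* size of cs_insn.bytes per the description above */

/* Same shape as Capstone's cs_skipdata_cb_t, declared locally so this
 * builds without the Capstone headers. */
typedef size_t (*skipdata_cb)(const uint8_t *code, size_t code_size,
                              size_t offset, void *user_data);

/* Hypothetical wrapper state: the application's callback and its data. */
struct clamp_ctx {
    skipdata_cb inner;
    void *inner_data;
    unsigned clamped;      /* count of results that had to be reduced */
};

/* Register this in place of the real callback, with a struct clamp_ctx as
 * user_data. Never returns more than fits in cs_insn.bytes or is left. */
size_t clamped_skipdata(const uint8_t *code, size_t code_size,
                        size_t offset, void *user_data)
{
    struct clamp_ctx *ctx = user_data;
    size_t limit, n;

    if (ctx == NULL || ctx->inner == NULL || offset >= code_size)
        return 0;          /* 0 tells the disassembler to stop */
    limit = code_size - offset;
    if (limit > INSN_BYTES_MAX)
        limit = INSN_BYTES_MAX;
    n = ctx->inner(code, code_size, offset, ctx->inner_data);
    if (n > limit) {
        n = limit;
        ctx->clamped++;    /* worth logging: result exceeded the limit */
    }
    return n;
}

/* Constructed sample callback: asks to skip everything that is left. */
static size_t skip_rest(const uint8_t *c, size_t size, size_t off, void *u)
{ (void)c; (void)u; return size - off; }

int main(void)
{
    uint8_t buf[64] = {0};  /* constructed input */
    struct clamp_ctx ctx = { skip_rest, NULL, 0 };
    return clamped_skipdata(buf, sizeof buf, 0, &ctx) == 24 ? 0 : 1;
}
```

This bounds only the application's own callback; the library-side check still requires the update recommended above.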

Weakness Enumeration

Heap Based Buffer Overflow

Related Identifiers

ALSA-2026:4898
CVE-2025-67873
GHSA-HJ6G-V545-V7JG
RHSA-2026:4898
RHSA-2026:5123
RHSA-2026:5124
RHSA-2026:5125
SUSE-SU-2026:0060-1
SUSE-SU-2026:20054-1
SUSE-SU-2026:20868-1

Affected Products

Capstone
Debian