PT-2025-52351 · Genymobile · Scrcpy

Marlinkcyber · Published 2025-12-18 · Updated 2026-01-03 · CVE-2025-34449

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Genymobile/scrcpy versions up to and including 3.3.3

Description

The software contains a global buffer overflow issue within the sc_read32be function, which is called by sc_device_msg_deserialize() and process_msgs(). Processing specially crafted device messages can lead to reading beyond the allocated memory for a global buffer, potentially causing memory corruption or application crashes. This can result in a denial of service, and depending on the system setup and protections in place, could potentially be used for more serious exploitation.

Recommendations

Update to a version later than 3.3.3 and after commit 3e40b24.
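
The class of check that prevents this kind of out-of-bounds read, as an added example that is not scrcpy's code and not the content of the fix commit: a deserializer confirms the buffer holds the whole fixed header before calling a 32-bit big-endian read, then validates the declared length against the bytes actually received. The message layout (1-byte type, 4-byte length, payload), the size cap and all `demo_` names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DEMO_HDR_LEN 5u         /* assumed layout: 1-byte type + 4-byte BE length */
#define DEMO_MAX_PAYLOAD 4096u  /* assumed upper bound on a payload */

/* Reads 4 bytes; the caller must guarantee they are inside the buffer. */
static uint32_t demo_read32be(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

struct demo_msg {
    uint8_t type;
    uint32_t payload_len;
    const uint8_t *payload; /* points into the caller's buffer */
};

/* Returns bytes consumed (> 0), 0 if more data is needed, -1 if malformed. */
static long demo_msg_deserialize(const uint8_t *buf, size_t len,
                                 struct demo_msg *out) {
    if (len < DEMO_HDR_LEN) {
        return 0; /* header incomplete: reading the length would pass buf end */
    }
    uint32_t payload_len = demo_read32be(&buf[1]);
    if (payload_len > DEMO_MAX_PAYLOAD) {
        return -1; /* declared length is not plausible: drop the stream */
    }
    if (payload_len > len - DEMO_HDR_LEN) {
        return 0; /* payload not fully received yet; no subtraction underflow */
    }
    out->type = buf[0];
    out->payload_len = payload_len;
    out->payload = buf + DEMO_HDR_LEN;
    return (long)(DEMO_HDR_LEN + payload_len);
}

int main(void) {
    /* Constructed input: type 0x01, declared length 3, payload "abc". */
    const uint8_t full[] = {0x01, 0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c'};
    struct demo_msg m;
    printf("full=%ld truncated=%ld\n",
           demo_msg_deserialize(full, sizeof(full), &m),
           demo_msg_deserialize(full, 3, &m));
    return 0;
}
```

A receive loop built on this keeps unconsumed bytes when the return value is 0 and closes the connection on -1, so a short or malformed message never reaches the raw read helper.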

Exploit · Fix · DoS · Deserialization of Untrusted Data · Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2025-34449

Affected Products: Scrcpy