CVE-2025-26519

Name of the Vulnerable Software and Affected Versions musl libc versions 0.9.13 through 1.2.5

Description The issue is related to an out-of-bounds write vulnerability in musl libc when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8. This can be exploited when an application calls iconv open with output encoding UTF-8 and input encoding EUC-KR and subsequently processes untrusted input. The vulnerability exposes applications using musl libc to remote code execution.

Recommendations For musl libc versions 0.9.13 through 1.2.5, update to version 1.2.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of iconv open with untrusted input to minimize the risk of exploitation. Avoid using iconv with output encoding UTF-8 and input encoding EUC-KR for untrusted input until the issue is resolved.