CVE-2019-25485

Name of the Vulnerable Software and Affected Versions R versions 3.4.4

Description The software contains a buffer overflow issue in the language menu field within GUI Preferences. This allows local attackers to bypass Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) protections. Attackers can inject a crafted payload through the 'Language for menus' preference to trigger a structured exception handler chain pivot and execute arbitrary shellcode with application privileges.

Recommendations Update to a newer version that addresses this vulnerability. As a temporary workaround, consider avoiding modification of the 'Language for menus' preference within GUI Preferences.