CVE-2018-25154

CRITICAL

GNU Barcode 0.99 - Buffer Overflow

Title source: llm

Description

GNU Barcode 0.99 contains a buffer overflow vulnerability in its Code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · local · linux
https://www.exploit-db.com/exploits/44797

Scores

CVSS v3 9.8
EPSS 0.0010
EPSS Percentile 27.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
The GNU Project | Free Software Foundation, Inc./GNU Barcode 0.99
Published Dec 24, 2025
Tracked Since Feb 18, 2026