CVE-2018-25154

CRITICAL

GNU Barcode 0.99 - Buffer Overflow in Code 93 Encoding

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25154. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This exploit demonstrates a buffer overflow vulnerability in GNU Barcode 0.99, specifically in the `code93.c` file where the `strcat` function is used unsafely. The proof-of-concept triggers a global-buffer-overflow, as confirmed by AddressSanitizer, which could lead to arbitrary code execution.

Description

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · local · linux
https://www.exploit-db.com/exploits/44797

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GNU Barcode 0.99
No auth needed
Prerequisites: A specially crafted input file or command-line argument to trigger the buffer overflow
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory product
https://directory.fsf.org/wiki/Barcode
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/44797
Various Sources product
https://www.gnu.org/software/barcode/

Scores

CVSS v3 9.8
EPSS 0.0033
EPSS Percentile 24.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-787
Status published
Products (1)
The GNU Project | Free Software Foundation, Inc./GNU Barcode 0.99
Published Dec 24, 2025
Tracked Since Feb 18, 2026