CVE-2019-25656

HIGH

R i386 3.5.0 Local Buffer Overflow SEH

Title source: cna

Description

R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler (SEH) overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to overwrite SEH records and achieve code execution with calculator or arbitrary shellcode.

Exploits (1)

exploitdb WORKING POC

by Dino Covotsos · pythonlocalwindows

https://www.exploit-db.com/exploits/46288

View Code ZIP pw:eip

References (4)

[Exploit] https://www.exploit-db.com/exploits/46288

[Product] https://www.r-project.org/

[Product] https://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe

[Third Party Advisory] https://www.vulncheck.com/advisories/r-i386-local-buffer-overflow-seh

Scores

CVSS v3 8.4

EPSS 0.0002

EPSS Percentile 4.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (1)

R-Project/R i386 3.5.0

Published Apr 05, 2026

Tracked Since Apr 06, 2026