CVE-2019-25695

HIGH

R 3.4.4 Local Buffer Overflow Windows XP SP3

Title source: cna

Description

R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and a JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the "Language for menus and messages" field.

Exploits (1)

exploitdb WORKING POC
by Dino Covotsos · python · local · windows
https://www.exploit-db.com/exploits/46265

Scores

CVSS v3 8.4
EPSS 0.0001
EPSS Percentile 0.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (1)
r-project/R 3.4.4
Published Apr 12, 2026
Tracked Since Apr 12, 2026