CVE-2023-27566

HIGH

Live2D Cubism Editor 4.2.03 - Out-of-bounds Write via MOC3 File Section Offset Table

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-27566. PoCs published by OpenL2D.

AI-analyzed exploit summary: This repository contains a crafted Live2D MOC3 file that triggers a denial-of-service (DoS) via out-of-bounds memory access in Live2D Cubism Core due to lack of bounds checking. The exploit crashes applications loading the model, with potential for arbitrary code execution depending on host program memory layout.

Description

Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file.

Exploits (1)

nomisec WORKING POC 95 stars
by OpenL2D · poc
https://github.com/OpenL2D/moc3ingbird

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Live2D Cubism Core (and applications using it, e.g., Cubism Viewer, VTube Studio)
No auth needed
Prerequisites: Access to a system with Live2D Cubism Core or compatible software
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 7.8
EPSS 0.0058
EPSS Percentile 43.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE: CWE-787
Status: published
Products (1): live2d/cubism_editor 4.2.03
Published: Mar 03, 2023
Tracked Since: Feb 18, 2026