CVE-2018-25154 HIGH

CVE-2018-25154: GNU Barcode 0.99 Buffer Overflow in Code 93 Encoding Mechanism

Vendor: The Gnu Project | Free Software Foundation, Inc.
Product: GNU Barcode
Weakness: CWE-787
Published: December 24, 2025
Last update: April 7, 2026

CVSS base score

8.5/10
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: Passive
Confidentiality: High
Integrity: High

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

GNU Barcode 0.99 contains a buffer overflow vulnerability in its Code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system.

Key dates

02 Disclosure timeline

December 24, 2025: CVE published
April 7, 2026: Record updated