CVE-2023-53966 CRITICAL

CVE-2023-53966: SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow

Vendor Sound4 Ltd.
Product SOUND4 LinkAndShare Transmitter
Weakness CWE-134
Published December 22, 2025
Last update December 22, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute arbitrary code and crash the application.

Key dates

02Disclosure timeline

December 22, 2025 CVE published
December 22, 2025 Record updated