{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15536", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-17T16:27:11.665Z", "datePublished": "2026-01-18T09:02:12.026Z", "dateUpdated": "2026-01-20T17:07:00.359Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-01-18T09:02:12.026Z"}, "title": "BYVoid OpenCC MaxMatchSegmentation.cpp MaxMatchSegmentation heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "BYVoid", "product": "OpenCC", "versions": [{"version": "1.1.0", "status": "affected"}, {"version": "1.1.1", "status": "affected"}, {"version": "1.1.2", "status": "affected"}, {"version": "1.1.3", "status": "affected"}, {"version": "1.1.4", "status": "affected"}, {"version": "1.1.5", "status": "affected"}, {"version": "1.1.6", "status": "affected"}, {"version": "1.1.7", "status": "affected"}, {"version": "1.1.8", "status": "affected"}, {"version": "1.1.9", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-01-17T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-17T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-01-17T17:32:17.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Oneafter (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.341708", "name": "VDB-341708 | BYVoid OpenCC MaxMatchSegmentation.cpp MaxMatchSegmentation heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.341708", "name": "VDB-341708 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.733347", "name": "Submit #733347 | BYVoid OpenCC ver.1.1.9 and master-branch Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/BYVoid/OpenCC/issues/997", "tags": ["issue-tracking"]}, {"url": "https://github.com/BYVoid/OpenCC/pull/1005", "tags": ["issue-tracking"]}, {"url": "https://github.com/oneafter/1222/blob/main/repro", "tags": ["exploit"]}, {"url": "https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec", "tags": ["patch"]}], "tags": ["x_open-source"]}, "adp": [{"references": [{"url": "https://github.com/BYVoid/OpenCC/issues/997", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-20T17:06:49.316017Z", "id": "CVE-2025-15536", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T17:07:00.359Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15536", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-20T17:06:49.316017Z"}}}], "references": [{"url": "https://github.com/BYVoid/OpenCC/issues/997", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T17:06:41.824Z"}}], "cna": {"tags": ["x_open-source"], "title": "BYVoid OpenCC MaxMatchSegmentation.cpp MaxMatchSegmentation heap-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "Oneafter (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "BYVoid", "product": "OpenCC", "versions": [{"status": "affected", "version": "1.1.0"}, {"status": "affected", "version": "1.1.1"}, {"status": "affected", "version": "1.1.2"}, {"status": "affected", "version": "1.1.3"}, {"status": "affected", "version": "1.1.4"}, {"status": "affected", "version": "1.1.5"}, {"status": "affected", "version": "1.1.6"}, {"status": "affected", "version": "1.1.7"}, {"status": "affected", "version": "1.1.8"}, {"status": "affected", "version": "1.1.9"}]}], "timeline": [{"lang": "en", "time": "2026-01-17T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-01-17T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-01-17T17:32:17.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.341708", "name": "VDB-341708 | BYVoid OpenCC MaxMatchSegmentation.cpp MaxMatchSegmentation heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.341708", "name": "VDB-341708 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.733347", "name": "Submit #733347 | BYVoid OpenCC ver.1.1.9 and master-branch Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/BYVoid/OpenCC/issues/997", "tags": ["issue-tracking"]}, {"url": "https://github.com/BYVoid/OpenCC/pull/1005", "tags": ["issue-tracking"]}, {"url": "https://github.com/oneafter/1222/blob/main/repro", "tags": ["exploit"]}, {"url": "https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-01-18T09:02:12.026Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15536", "state": "PUBLISHED", "dateUpdated": "2026-01-20T17:07:00.359Z", "dateReserved": "2026-01-17T16:27:11.665Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-01-18T09:02:12.026Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch."}], "id": "CVE-2025-15536", "lastModified": "2026-01-20T18:16:02.150", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-18T09:15:46.960", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec"}, {"source": "cna@vuldb.com", "url": "https://github.com/BYVoid/OpenCC/issues/997"}, {"source": "cna@vuldb.com", "url": "https://github.com/BYVoid/OpenCC/pull/1005"}, {"source": "cna@vuldb.com", "url": "https://github.com/oneafter/1222/blob/main/repro"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.341708"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.341708"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.733347"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/BYVoid/OpenCC/issues/997"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{"bugzilla": {"description": "opencc: OpenCC: Heap-based buffer overflow in MaxMatchSegmentation function allows local attackers to impact system integrity.", "id": "2430670", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430670"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "(CWE-119|CWE-122)", "details": ["A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch.", "A flaw was found in BYVoid OpenCC. This vulnerability involves a heap-based buffer overflow, a type of memory corruption, within the MaxMatchSegmentation function. A local attacker can exploit this by providing specially crafted input, which may lead to information disclosure, denial of service, or potentially arbitrary code execution. An exploit for this issue is publicly available."], "name": "CVE-2025-15536", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "opencc", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-01-18T09:02:12Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-15536\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-15536\nhttps://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec\nhttps://github.com/BYVoid/OpenCC/issues/997\nhttps://github.com/BYVoid/OpenCC/pull/1005\nhttps://github.com/oneafter/1222/blob/main/repro\nhttps://vuldb.com/?ctiid.341708\nhttps://vuldb.com/?id.341708\nhttps://vuldb.com/?submit.733347"], "statement": "Exploiting this vulnerability requires that the system allows untrusted input from local users.", "threat_severity": "Moderate"}

{"created": "2026-01-19T09:19:00.567574+00:00", "updated": "2026-01-19T09:19:00.567605+00:00", "vendors": ["byvoid", "byvoid$PRODUCT$opencc"]}