CVE-2025-11964

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-11964
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11964.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-11964
Downstream
Published
2025-12-31T01:15:54.667Z
Modified
2026-04-12T19:53:16.420639Z
Severity
  • 1.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf16letoutf8_truncated() can write data beyond the end of the provided buffer.

References

Affected packages

Git / github.com/the-tcpdump-group/libpcap

Affected ranges

Type
GIT
Repo
https://github.com/the-tcpdump-group/libpcap
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7fabf607f2319a36a0bd78444247180acb838e69

Affected versions

libpcap-0.*
libpcap-0.6.1
libpcap-0.7.1
libpcap-0.8-bp
libpcap-1.*
libpcap-1.10-bp
libpcap-1.10.0
libpcap-1.10.1
libpcap-1.10.2
libpcap-1.10.3
libpcap-1.10.4
libpcap-1.10.5
libpcap-1.7.0-bp
libpcap-1.8.0-bp
libpcap-1.8.1
libpcap-1.9-bp
libpcap-1.9.0-rc1

Database specific

vanir_signatures 
[
    {
        "signature_version": "v1",
        "source": "https://github.com/the-tcpdump-group/libpcap/commit/7fabf607f2319a36a0bd78444247180acb838e69",
        "target": {
            "file": "fmtutils.c"
        },
        "deprecated": false,
        "id": "CVE-2025-11964-0556082a",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "105413501093099000177504737593665485571",
                "238539772435896871749861325614534390535",
                "308634017951984110653427438898181624682",
                "286765428450918210346252275733749370223"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/the-tcpdump-group/libpcap/commit/7fabf607f2319a36a0bd78444247180acb838e69",
        "target": {
            "function": "utf_16le_to_utf_8_truncated",
            "file": "fmtutils.c"
        },
        "deprecated": false,
        "id": "CVE-2025-11964-c57b6e8f",
        "signature_type": "Function",
        "digest": {
            "length": 1239.0,
            "function_hash": "48150353148794074420133864590076316976"
        }
    }
]
vanir_signatures_modified 
"2026-04-12T19:53:16Z"
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11964.json"