CVE-2025-15536

A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch.

References

Affected packages

Git / github.com/byvoid/opencc

Affected ranges

Type

GIT

Repo

https://github.com/byvoid/opencc

Events

Introduced

Last affected

556ed22496d650bd0b13b6c163be9814637970ae

Fixed

345c9a50ab07018f1b4439776bad78a0d40778ec

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.9"
        }
    ]
}

Affected versions

ver.*

ver.0.0.2

ver.0.0.3

ver.0.0.3.pre.1

ver.0.0.4

ver.0.0.4.pre.1

ver.0.0.5

ver.0.1.0

ver.0.1.1

ver.0.1.2

ver.0.2.0

ver.0.4.0

ver.0.4.1

ver.0.4.2

ver.0.4.3

ver.1.0.1

ver.1.0.2

ver.1.0.3

ver.1.0.3-1

ver.1.0.4

ver.1.0.5

ver.1.0.6

ver.1.1.0

ver.1.1.1

ver.1.1.2

ver.1.1.3

ver.1.1.4

ver.1.1.5

ver.1.1.6

ver.1.1.7

ver.1.1.8

ver.1.1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15536.json"

vanir_signatures

[
    {
        "signature_version": "v1",
        "target": {
            "file": "src/MaxMatchSegmentationTest.cpp"
        },
        "source": "https://github.com/byvoid/opencc/commit/345c9a50ab07018f1b4439776bad78a0d40778ec",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "70059274697442571074952561048178473278"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-15536-031172be",
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "src/Conversion.cpp",
            "function": "Conversion::Convert"
        },
        "source": "https://github.com/byvoid/opencc/commit/345c9a50ab07018f1b4439776bad78a0d40778ec",
        "deprecated": false,
        "digest": {
            "function_hash": "6381518637341745790408454377949468909",
            "length": 431.0
        },
        "id": "CVE-2025-15536-9ba516eb",
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "src/MaxMatchSegmentation.cpp"
        },
        "source": "https://github.com/byvoid/opencc/commit/345c9a50ab07018f1b4439776bad78a0d40778ec",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "13155210609182758127440362113890544632",
                "262457899337220515738646061753602553158",
                "285213368059625420169449505333640788627",
                "7873400666696925498599951367764578229",
                "82056633348241842590845756684580931762",
                "175325883518381182824128990908566929299",
                "202880788568512139475792542587861056268",
                "183970471980939877521755136490344542285",
                "169186825631087214855367583253611868133",
                "256593017425488470075331074758697371507",
                "185456394026438316434147319624287037047",
                "271877632502434609502902958897391514026",
                "202041435387955471450439140463558346836"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-15536-c9b20953",
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "src/Conversion.cpp"
        },
        "source": "https://github.com/byvoid/opencc/commit/345c9a50ab07018f1b4439776bad78a0d40778ec",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "35188034922160700419369850687172541047",
                "256813666568118900055544291833663595915",
                "121269006699948513830650119474442912441",
                "170553094775277015914406362643277452620",
                "309190718889097147965932571134085176669",
                "127036327170312509841037463510901863134",
                "110942305786751141037063811902824646986",
                "101266936448420575809005794680694800447",
                "231523677301811415958286139661605347437",
                "214552425441247126300055492671793234155",
                "238253398204744588669778591476607137300",
                "246553512758779271706903982662158257464"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-15536-d7aa7334",
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "src/ConversionTest.cpp"
        },
        "source": "https://github.com/byvoid/opencc/commit/345c9a50ab07018f1b4439776bad78a0d40778ec",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "332063026749034846124606652766175785507"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-15536-e29b0e9c",
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "src/MaxMatchSegmentation.cpp",
            "function": "MaxMatchSegmentation::Segment"
        },
        "source": "https://github.com/byvoid/opencc/commit/345c9a50ab07018f1b4439776bad78a0d40778ec",
        "deprecated": false,
        "digest": {
            "function_hash": "160052688247663851835510020033152236808",
            "length": 757.0
        },
        "id": "CVE-2025-15536-fb68ecd1",
        "signature_type": "Function"
    }
]