CVE-2025-47868

Source
https://cve.org/CVERecord?id=CVE-2025-47868
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47868.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-47868
Published
2025-06-16T11:15:18.437Z
Modified
2026-04-10T05:27:36.065989Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

An Out-of-bounds Write resulting in a possible Heap-based Buffer Overflow vulnerability was discovered in the tools/bdf-converter font conversion utility that is part of the Apache NuttX RTOS repository. This standalone program is optional and is part of neither the NuttX RTOS nor the Applications runtime, but active bdf-converter users may be affected when this tool is exposed to externally provided user data (i.e. publicly available automation).

This issue affects Apache NuttX: from 6.9 before 12.9.0.

Users are recommended to upgrade to version 12.9.0, which fixes the issue.

References

Affected packages

Git / github.com/apache/incubator-nuttx

Affected ranges

Type
GIT
Repo
https://github.com/apache/incubator-nuttx
Events
Database specific
{
    "versions": [
        {
            "introduced": "6.9"
        },
        {
            "fixed": "12.9.0"
        }
    ]
}

Affected versions

nuttx-12.*
nuttx-12.9.0-RC0
nuttx-6.*
nuttx-6.10
nuttx-6.11
nuttx-6.12
nuttx-6.13
nuttx-6.14
nuttx-6.15
nuttx-6.16
nuttx-6.17
nuttx-6.18
nuttx-6.19
nuttx-6.20
nuttx-6.21
nuttx-6.22
nuttx-6.23
nuttx-6.24
nuttx-6.25
nuttx-6.26
nuttx-6.27
nuttx-6.28
nuttx-6.29
nuttx-6.30
nuttx-6.31
nuttx-6.32
nuttx-6.33
nuttx-6.9
nuttx-7.*
nuttx-7.1
nuttx-7.10
nuttx-7.11
nuttx-7.12
nuttx-7.13
nuttx-7.14
nuttx-7.15
nuttx-7.16
nuttx-7.17
nuttx-7.18
nuttx-7.2
nuttx-7.20
nuttx-7.21
nuttx-7.22
nuttx-7.23
nuttx-7.24
nuttx-7.25
nuttx-7.26
nuttx-7.27
nuttx-7.28
nuttx-7.29
nuttx-7.3
nuttx-7.30
nuttx-7.31
nuttx-7.4
nuttx-7.5
nuttx-7.6
nuttx-7.8
nuttx-7.9
nuttx-8.*
nuttx-8.1
nuttx-8.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47868.json"