Heap-based Buffer Overflow in LibYAML Affects Multiple Products
CVE-2014-2525

Currently unrated

Key Information:

Vendor

Pyyaml

Status
Vendor
CVE Published:
28 March 2014

What is CVE-2014-2525?

A heap-based buffer overflow vulnerability exists in the yaml_parser_scan_uri_escapes function of LibYAML prior to version 0.1.6. This flaw allows context-dependent attackers to exploit the parsing process of YAML files. By crafting a malicious URI with a long sequence of percent-encoded characters, an attacker could potentially execute arbitrary code on the affected system, highlighting the critical importance of validating input before processing.

References

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.