Buffer Overflow Vulnerability in libpcap on Windows Systems
CVE-2025-11964
1.9 LOW
What is CVE-2025-11964?
A buffer overflow vulnerability exists in libpcap for Windows, arising when the library attempts to convert certain error messages to UTF-8 format. In particular, if the error messages contain characters represented in UTF-8 using 4 bytes, the function utf_16le_to_utf_8_truncated() may inadvertently write data beyond the allocated memory buffer. This flaw poses a risk of potential data corruption or application crashes, underlining the importance of applying the latest updates to mitigate such security issues.
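A bounded UTF-16 to UTF-8 conversion that sizes its space check by the real encoded length of each character, including the 4-byte case the description singles out, and truncates on a whole-character boundary. This is an added example, not libpcap's code: the function name `utf16_to_utf8_bounded`, the input as host-order code units, and the sample message are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not libpcap's code: convert UTF-16 code units to UTF-8,
 * truncating at a whole-character boundary. Always NUL-terminates when
 * out_size > 0. Returns bytes written, excluding the NUL. */
size_t utf16_to_utf8_bounded(const uint16_t *in, size_t n, char *out, size_t out_size)
{
    static const unsigned char lead[] = {0, 0x00, 0xC0, 0xE0, 0xF0};
    size_t o = 0;
    if (out_size == 0)
        return 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t cp = in[i];
        if (cp >= 0xD800 && cp <= 0xDBFF && i + 1 < n &&
            in[i + 1] >= 0xDC00 && in[i + 1] <= 0xDFFF) {
            /* Surrogate pair: code point above U+FFFF, 4 bytes in UTF-8. */
            cp = 0x10000 + ((cp - 0xD800) << 10) + (in[i + 1] - 0xDC00);
            i++;
        } else if (cp >= 0xD800 && cp <= 0xDFFF) {
            cp = 0xFFFD; /* unpaired surrogate becomes U+FFFD */
        }
        size_t need = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
        /* Check against the real encoded length (up to 4 bytes), keeping
         * one byte in reserve for the terminator. */
        if (need > out_size - 1 - o)
            break;
        out[o++] = (char)(lead[need] | (cp >> (6 * (need - 1))));
        for (size_t k = need - 1; k-- > 0;)
            out[o++] = (char)(0x80 | ((cp >> (6 * k)) & 0x3F));
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: "A", U+00E9, U+20AC, U+1F600 (surrogate pair). */
    const uint16_t msg[] = {0x0041, 0x00E9, 0x20AC, 0xD83D, 0xDE00};
    char buf[8]; /* room for 7 bytes + NUL: the 4-byte character must not fit */
    size_t len = utf16_to_utf8_bounded(msg, 5, buf, sizeof buf);
    printf("%zu bytes written\n", len);
    return 0;
}
```

With the 8-byte buffer the first three characters (6 bytes) are written and the 4-byte character is dropped whole rather than partially emitted.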
Affected Version(s)
libpcap 1.10.0 < 1.10.6
CVSS V3.1
Score: 1.9
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Aniruddhan Murali
Noble Saji Mathews
Mahmoud Alfadel
Mei Nagappan
Meng Xu
