Heap-based Buffer Overflow in BYVoid OpenCC Affects Local Execution
CVE-2025-15536

4.8MEDIUM

Key Information:

Vendor

Byvoid

Status
Opencc
Vendor
CVE Published:
18 January 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2025-15536?

A vulnerability has been discovered in BYVoid OpenCC versions up to 1.1.9, specifically within the opencc::MaxMatchSegmentation function located in src/MaxMatchSegmentation.cpp. This weakness leads to a heap-based buffer overflow that could be exploited when executed locally. Given the exploit's public availability, it poses a risk to systems running the affected software. It is strongly advised to apply the available patch (commit 345c9a50ab07018f1b4439776bad78a0d40778ec) to mitigate the risk associated with this vulnerability.

Affected Version(s)

OpenCC 1.1.0

OpenCC 1.1.1

OpenCC 1.1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-15536 - Proof of Concept

References

https://vuldb.com/?id.341708
vdb-entrytechnical-description
https://vuldb.com/?ctiid.341708
signaturepermissions-required
https://vuldb.com/?submit.733347
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Oneafter (VulDB User)
JSON
.