Out-of-bounds Read Vulnerability in osslsigncode Tool by mTrojnar
CVE-2026-39856

5.5MEDIUM

Key Information:

Vendor

Mtrojnar

Status
Osslsigncode
Vendor
CVE Published:
9 April 2026

What is CVE-2026-39856?

The osslsigncode tool, which facilitates Authenticode signing and timestamping, contains a flaw in versions prior to 2.13. Specifically, an out-of-bounds read can occur during the computation of page hashes for PE files. This issue arises when the function pe_page_hash_calc() processes the PointerToRawData and SizeOfRawData values from section headers without adequate validation of the referenced memory region. Malicious actors can exploit this vulnerability by crafting PE files with section headers that point beyond the file's end. If the tool attempts to compute page hashes for such files while page hashing is enabled, it may inadvertently read from invalid memory regions, leading to a process crash. Note that the risk is also present when verifying already signed PE files, which do not require the presence of the -ph flag. The flaw has been addressed in version 2.13, mitigating the associated risks.

Affected Version(s)

osslsigncode < 2.13

References

https://github.com/mtrojnar/osslsigncode/security/advisor...
x_refsource_CONFIRM
https://github.com/mtrojnar/osslsigncode/commit/92f8761b4...
x_refsource_MISC
https://github.com/mtrojnar/osslsigncode/releases/tag/2.13
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.