CVE-2019-25634

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-25634
Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-RET gadget address, and uses an egghunter payload to locate and execute shellcode for code execution.

8.4 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://4mhz.de/b64dec.html Product Release Notes
http://4mhz.de/download.php?file=b64dec-1-1-2.zip Product
https://www.exploit-db.com/exploits/46625 Exploit
https://www.vulncheck.com/advisories/base64-decoder-local-buffer-overflow-seh-egghunter Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:4mhz:base64_decoder:1.1.2:*:*:*:*:*:*:*
History

03 Jun 2026, 18:44

Type Values Removed Values Added
Summary
  • (es) Base64 Decoder 1.1.2 contiene una vulnerabilidad de desbordamiento de búfer basado en pila que permite a atacantes locales ejecutar código arbitrario al desencadenar una sobrescritura del gestor de excepciones estructuradas (SEH). Los atacantes pueden crear un archivo de entrada malicioso que desborda un búfer, sobrescribe la cadena SEH con una dirección de gadget POP-POP-RET y utiliza una carga útil egghunter para localizar y ejecutar shellcode para la ejecución de código.
CPE cpe:2.3:a:4mhz:base64_decoder:1.1.2:*:*:*:*:*:*:*
First Time 4mhz base64 Decoder
4mhz
References () http://4mhz.de/b64dec.html - () http://4mhz.de/b64dec.html - Product, Release Notes
References () http://4mhz.de/download.php?file=b64dec-1-1-2.zip - () http://4mhz.de/download.php?file=b64dec-1-1-2.zip - Product
References () https://www.exploit-db.com/exploits/46625 - () https://www.exploit-db.com/exploits/46625 - Exploit
References () https://www.vulncheck.com/advisories/base64-decoder-local-buffer-overflow-seh-egghunter - () https://www.vulncheck.com/advisories/base64-decoder-local-buffer-overflow-seh-egghunter - Third Party Advisory

24 Mar 2026, 12:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-24 12:16

Updated : 2026-06-03 18:44

NVD link : CVE-2019-25634

Mitre link : CVE-2019-25634

CVE.ORG link : CVE-2019-25634

JSON object : View

Products Affected

4mhz

  • base64_decoder
CWE
CWE-787

Out-of-bounds Write