CVE-2025-47868

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-47868
Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation). This issue affects Apache NuttX: from 6.9 before 12.9.0. Users are recommended to upgrade to version 12.9.0, which fixes the issue.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/apache/nuttx/pull/16000 Issue Tracking Third Party Advisory
https://lists.apache.org/thread/p4o2lcqgspx3ws1n2p4wmoqbqow1w1pw Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/06/14/1 Mailing List Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:nuttx:*:*:*:*:*:*:*:*
History

17 Jun 2025, 19:38

Type Values Removed Values Added
References () https://github.com/apache/nuttx/pull/16000 - () https://github.com/apache/nuttx/pull/16000 - Issue Tracking, Third Party Advisory
References () https://lists.apache.org/thread/p4o2lcqgspx3ws1n2p4wmoqbqow1w1pw - () https://lists.apache.org/thread/p4o2lcqgspx3ws1n2p4wmoqbqow1w1pw - Vendor Advisory
References () http://www.openwall.com/lists/oss-security/2025/06/14/1 - () http://www.openwall.com/lists/oss-security/2025/06/14/1 - Mailing List, Vendor Advisory
First Time Apache
Apache nuttx
CPE cpe:2.3:a:apache:nuttx:*:*:*:*:*:*:*:*

16 Jun 2025, 17:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

16 Jun 2025, 12:32

Type Values Removed Values Added
Summary
  • (es) Se descubrió una vulnerabilidad de escritura fuera de los límites que podría provocar un desbordamiento de búfer basado en el montón en la utilidad de conversión de fuentes tools/bdf-converter, que forma parte del repositorio de Apache NuttX RTOS. Este programa independiente es opcional y no forma parte de NuttX RTOS ni del entorno de ejecución de aplicaciones, pero los usuarios activos de bdf-converter pueden verse afectados cuando esta herramienta se expone a datos de usuario externos (es decir, automatización pública). Este problema afecta a Apache NuttX desde la versión 6.9 hasta la 12.9.0. Se recomienda actualizar a la versión 12.9.0, que soluciona el problema.

16 Jun 2025, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-16 11:15

Updated : 2025-06-17 19:38

NVD link : CVE-2025-47868

Mitre link : CVE-2025-47868

CVE.ORG link : CVE-2025-47868

JSON object : View

Products Affected

apache

  • nuttx
CWE
CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write