{
  "threat_severity" : "Moderate",
  "public_date" : "2026-01-18T09:02:12Z",
  "bugzilla" : {
    "description" : "opencc: OpenCC: Heap-based buffer overflow in MaxMatchSegmentation function allows local attackers to impact system integrity.",
    "id" : "2430670",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2430670"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-787",
  "details" : [ "A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch.", "A flaw was found in BYVoid OpenCC. This vulnerability involves a heap-based buffer overflow, a type of memory corruption, within the MaxMatchSegmentation function. A local attacker can exploit this by providing specially crafted input, which may lead to information disclosure, denial of service, or potentially arbitrary code execution. An exploit for this issue is publicly available." ],
  "statement" : "Exploiting this vulnerability requires that the system allows untrusted input from local users.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "opencc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-15536\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-15536\nhttps://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec\nhttps://github.com/BYVoid/OpenCC/issues/997\nhttps://github.com/BYVoid/OpenCC/pull/1005\nhttps://github.com/oneafter/1222/blob/main/repro\nhttps://vuldb.com/?ctiid.341708\nhttps://vuldb.com/?id.341708\nhttps://vuldb.com/?submit.733347" ],
  "name" : "CVE-2025-15536",
  "csaw" : false
}