CVE-2025-15536

5.3 MEDIUM

📋 TL;DR

A heap-based buffer overflow vulnerability exists in BYVoid OpenCC versions up to 1.1.9, specifically in the MaxMatchSegmentation function. This allows local attackers to execute arbitrary code or cause denial of service. Users of OpenCC for Chinese text conversion are affected.

💻 Affected Systems

Products:
  • BYVoid OpenCC
Versions: All versions up to and including 1.1.9
Operating Systems: Linux, Windows, macOS, BSD (any system running OpenCC)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where OpenCC is installed and used. The vulnerability is in the core segmentation functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation leading to full system compromise or persistent backdoor installation

🟠 Likely Case: Application crash (denial of service) or limited code execution in the context of the OpenCC process

🟢 If Mitigated: Minimal impact if proper sandboxing/containerization is used and OpenCC runs with minimal privileges

🌐 Internet-Facing: LOW (requires local execution, not remotely exploitable)
🏢 Internal Only: MEDIUM (local attackers could exploit this, but requires access to systems running OpenCC)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit code is publicly available on GitHub. Attack requires local access to execute OpenCC with malicious input.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit 345c9a50ab07018f1b4439776bad78a0d40778ec

Vendor Advisory: https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec

Restart Required: No

Instructions:

1. Update OpenCC to the latest version from the official repository.
2. Recompile if using source.
3. Replace the existing binary with the patched version.

🔧 Temporary Workarounds

Restrict OpenCC execution

linux

Limit which users can execute the OpenCC binary using file permissions or mandatory access controls

chmod 750 /usr/bin/opencc
setfacl -m u:trusteduser:rx /usr/bin/opencc

Run in sandboxed environment

all

Execute OpenCC within a container or sandbox with limited privileges

docker run --security-opt=no-new-privileges -v /path/to/data:/data opencc:latest

🧯 If You Can't Patch

  • Remove or disable the OpenCC binary on production systems
  • Implement strict access controls to limit which users can execute OpenCC

🔍 How to Verify

Check if Vulnerable:

Check the OpenCC version with opencc --version. If the reported version is 1.1.9 or earlier, the system is vulnerable.

Check Version:

opencc --version 2>/dev/null || echo 'OpenCC not installed'

Verify Fix Applied:

Verify that the installed build includes commit 345c9a50ab07018f1b4439776bad78a0d40778ec or that the version is newer than 1.1.9

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault crashes of opencc process
  • Abnormal memory usage patterns in OpenCC

Network Indicators:

  • N/A (local exploit only)

SIEM Query:

process.name:"opencc" AND (event.action:"segmentation_fault" OR event.outcome:"failure")
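
For hosts without a SIEM, the segmentation-fault log indicator above can be checked directly against kernel log lines. This is an added example, not part of the original advisory or the OpenCC project: the function names are hypothetical, the sample lines are constructed, and a traditional syslog prefix (month, day, time, host) is assumed.

```shell
#!/bin/sh
# Added example: list kernel-logged segfaults of the opencc process.
# Kernel line shape: "<comm>[<pid>]: segfault at <addr> ip <ip> sp <sp> error <n> in <object>[...]"

# Constructed sample lines (not from a real system); the syslog prefix layout is an assumption.
sample_log() {
cat <<'EOF'
Jan 12 09:14:02 host1 kernel: opencc[4121]: segfault at 55d0c8a3f000 ip 00007f3a1c2b4e10 sp 00007ffd5e3a1b20 error 4 in libopencc.so.1.1[7f3a1c290000+5a000]
Jan 12 09:14:05 host1 kernel: nginx[812]: segfault at 0 ip 000055e1a2b3c4d5 sp 00007ffc11223344 error 4 in nginx[55e1a2b00000+120000]
Jan 12 09:15:40 host1 kernel: opencc[4377]: segfault at 55d0c8a40008 ip 00007f3a1c2b4e10 sp 00007ffd5e3a1c00 error 6 in libopencc.so.1.1[7f3a1c290000+5a000] likely on CPU 2 (core 2, socket 0)
Jan 12 09:16:00 host1 sshd[999]: Accepted publickey for alice
Jan 12 09:20:11 host2 kernel: opencc[77]: segfault at 10 ip 00007f0000001234 sp 00007ffd00000000 error 4 in libc.so.6[7f0000000000+1c0000]
EOF
}

# Reads log lines on stdin; prints "host pid fault_address object" per opencc segfault.
opencc_segfaults() {
    awk '
    / segfault at / {
        for (i = 1; i < NF; i++) {
            if ($i !~ /^opencc\[[0-9]+\]:$/ || $(i + 1) != "segfault") continue
            pid = $i; gsub(/[^0-9]/, "", pid)
            obj = "unknown"
            # The faulting object follows "in"; newer kernels append CPU details after it.
            for (j = i; j < NF; j++)
                if ($j == "in") { obj = $(j + 1); sub(/\[.*/, "", obj); break }
            print $4, pid, $(i + 3), obj
            break
        }
    }'
}

# Prints hosts with at least $1 (default 2) opencc segfaults; repeats deserve a closer look.
noisy_hosts() {
    opencc_segfaults |
        awk -v min="${1:-2}" '{ n[$1]++ } END { for (h in n) if (n[h] >= min) print h }' |
        sort
}

# Stand-alone run over the constructed sample.
sample_log | opencc_segfaults
```

On a systemd host, real input can be supplied with journalctl -k piped into opencc_segfaults.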
