CVE-2018-25154
PUBLISHED
GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system.
Risk Scores
EPSS Score: 0.07% (22.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:24.04:LTS | barcode | 0.99-6, 0, 0.99-7 |
| Ubuntu:25.10 | barcode | 0.99-9, 0 |
| Ubuntu:22.04:LTS | barcode | 0, 0.99-5, 0.99-4 |
| Ubuntu:16.04:LTS | barcode | 0.98+debian-9.1, 0 |
| Ubuntu:20.04:LTS | barcode | 0, 0.99-3 |
| Ubuntu:18.04:LTS | barcode | 0, *, * |
Exploit Intelligence
- CIRCL seen: CVE-2018-25154 (circl-sighting)
- GNU Barcode Official Product Page (circl)
- FSF Directory Entry for Barcode (circl)
- ExploitDB-44797 (cve.org)
Timeline
- Dec 24, 2025 CVE Published
- Dec 24, 2025 PoC Published
- Dec 25, 2025 EPSS Score
- Dec 29, 2025 EPSS Score
- Jan 1, 2026 EPSS Score
- Jan 5, 2026 EPSS Score
- Jan 9, 2026 EPSS Score
- Jan 13, 2026 EPSS Score
- Jan 16, 2026 EPSS Score
- Jan 20, 2026 EPSS Score
- Jan 24, 2026 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-25154 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-25154 third-party-advisory
- https://lists.gnu.org/archive/html/bug-barcode/2018-05/msg00002.html third-party-advisory
- https://www.exploit-db.com/exploits/44797 third-party-advisory
- https://directory.fsf.org/wiki/Barcode third-party-advisory
- https://www.gnu.org/software/barcode/ third-party-advisory