CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv()
Published Feb 13, 2025
musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.
Affected Software
3 affected components
musl musl libc: >=0.9.13, <1.2.6
IBM Concert Software: <=1.0.0-1.1.0
Musl-libc Musl: >=0.9.13, <1.2.6
Event History
Feb 14, 2025
CVE Published via MITRE · 12:00 AM
Data Sourced via MITRE · 12:00 AM: Description, Severity, Weakness
Data Sourced via NVD · 04:15 AM: Remedy, Description, Severity, Weakness, Affected Software
Aug 18, 2025
Data Sourced via IBM · 12:00 AM: Description, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-26519?
CVE-2025-26519 has been classified as a critical vulnerability due to its potential for causing significant security risks.
2. How do I fix CVE-2025-26519?
To fix CVE-2025-26519, upgrade musl libc to version 1.2.6 or later.
3. What software is affected by CVE-2025-26519?
CVE-2025-26519 affects musl libc versions from 0.9.13 to 1.2.5.
4. What type of vulnerability is CVE-2025-26519?
CVE-2025-26519 is an out-of-bounds write vulnerability triggered during iconv conversion of EUC-KR text.
5. Can CVE-2025-26519 be exploited remotely?
Yes, CVE-2025-26519 can be exploited remotely if an attacker can supply untrusted EUC-KR input.