Home

Description

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.

PUBLISHED Reserved 2026-04-12 | Published 2026-04-12 | Updated 2026-04-13 | Assigner VulnCheck




HIGH: 8.6CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Unrestricted Upload of File with Dangerous Type

Product status

3.5.0
affected

Credits

bzyo finder

References

www.exploit-db.com/exploits/46107 (ExploitDB-46107) exploit

www.r-project.org/ (Official Product Homepage) product

cran.r-project.org/...windows/base/old/3.5.0/R-3.5.0-win.exe (Product Reference) product

www.vulncheck.com/...ui-local-buffer-overflow-seh-dep-bypass (VulnCheck Advisory: RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass) third-party-advisory

cve.org (CVE-2018-25258)

nvd.nist.gov (CVE-2018-25258)

Download JSON