CVE-2025-34449 | THREATINT

Description

Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the sc_device_msg_deserialize() function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-service condition. This vulnerability may allow further exploitation on the host system.

PUBLISHED Reserved 2025-04-15 | Published 2025-12-18 | Updated 2025-12-22 | Assigner VulnCheck

MEDIUM: 6.9CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Product status

Default status

unaffected

Any version

affected

commit 3e40b24 (custom)

unaffected

Credits

Vlatko Kosturjak with Marlink Cyber finder

References

github.com/...SAID-2025-003-scrcpy-global-buffer-overflow.md exploit

github.com/...SAID-2025-003-scrcpy-global-buffer-overflow.md technical-description exploit

github.com/Genymobile/scrcpy/issues/6415 issue-tracking

github.com/Genymobile/scrcpy/commit/3e40b24 patch

www.vulncheck.com/...enymobile-scrcpy-global-buffer-overflow third-party-advisory

cve.org (CVE-2025-34449)

nvd.nist.gov (CVE-2025-34449)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.

help @ threatint.eu