CVE-2025-47868
Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition.
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition.
Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation). This issue affects Apache NuttX: from 6.9 before 12.9.0. Users are recommended to upgrade to version 12.9.0, which fixes the issue.
Reserved 2025-05-12 | Published 2025-06-16 | Updated 2025-06-16 | Assigner apacheCWE-122 Heap-based Buffer Overflow
Chánh Phạm <chanhphamviet@gmail.com>
Nathan Hartman <hartman.nathan@gmail.com>
Tomek CEDRO <tomek@cedro.info>
Alan Carvalho de Assis <acassis@gmail.com>
Alin Jerpelea <jerpelea@gmail.com>
Lee, Lup Yuen <luppy@appkaki.com>
Arnout Engelen <engelen@apache.org>
github.com/apache/nuttx/pull/16000
lists.apache.org/thread/p4o2lcqgspx3ws1n2p4wmoqbqow1w1pw
Support options
