CVE-2025-34449
Global Buffer Overflow in scrcpy Causes Memory Corruption
Publication date: 2025-12-18
Last updated on: 2025-12-18
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| genymobile | scrcpy | 3.3.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a global buffer overflow in Genymobile/scrcpy versions up to 3.3.3 and prior to a specific commit. It occurs in the function sc_read32be, which is called through sc_device_msg_deserialize() and process_msgs(). When processing specially crafted device messages, the software can read beyond the bounds of a global buffer, causing memory corruption or crashes.
How can this vulnerability impact me? :
The vulnerability can cause a denial of service by crashing the application. Under certain conditions, it may also be exploited further depending on the execution environment and available mitigations, potentially leading to more severe impacts.