CVE-2019-25656
Local Buffer Overflow in R i386 3.5.0 GUI Enables Code Execution
Publication date: 2026-04-05
Last updated on: 2026-04-05
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in R i386 version 3.5.0 within the GUI Preferences dialog. It is a local buffer overflow vulnerability that allows local attackers to overwrite the structured exception handler (SEH) by providing malicious input.
Specifically, attackers can craft a payload string in the 'Language for menus and messages' field to overwrite SEH records, which can lead to arbitrary code execution, such as running a calculator or other shellcode.
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to execute arbitrary code on the affected system by exploiting the buffer overflow in the GUI Preferences dialog.
- Potential impacts include unauthorized code execution.
- Compromise of system integrity and confidentiality.
- Possible disruption of availability if malicious payloads are used.