#1126286 opencc: CVE-2025-15536

Package:
src:opencc
Source:
src:opencc
Submitter:
Salvatore Bonaccorso
Date:
2026-02-23 18:03:20 UTC
Severity:
normal
Tags:
#1126286#5
Date:
2026-01-23 16:51:38 UTC
From:
To:
Hi,

The following vulnerability was published for opencc.

CVE-2025-15536[0]:
| A weakness has been identified in BYVoid OpenCC up to 1.1.9. This
| vulnerability affects the function opencc::MaxMatchSegmentation of
| the file src/MaxMatchSegmentation.cpp. This manipulation causes
| heap-based buffer overflow. The attack is restricted to local
| execution. The exploit has been made available to the public and
| could be used for attacks. Patch name:
| 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is
| recommended to deploy a patch.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-15536
https://www.cve.org/CVERecord?id=CVE-2025-15536
[1] https://github.com/BYVoid/OpenCC/issues/997
[2] https://github.com/BYVoid/OpenCC/pull/1005
[3] https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

#1126286#10
Date:
2026-01-23 19:34:04 UTC
From:
To:
On 2026/1/23 11:51, Salvatore Bonaccorso wrote:

The targeted fix was accidentally cherry-picked in the 1.1.9+ds1-4 upload.
Updating the affected version accordingly.

The fix in stable/oldstable may need to be handled separately later.

Thanks,
Boyuan Yang

#1126286#17
Date:
2026-01-23 19:56:20 UTC
From:
To:
Hi Boyuan,

Thanks, I have updated the security-tracker metadata accordingly.

Perfect. As it won't warrant a DSA, can you please schedule fixes via
the upcoming point releases once you have had time to look into backporting
fixes accordingly?

Regards,
Salvatore