Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-1471

In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized correctly and checked appropriately to prevent buffer overflows.

Published

2025-02-21T10:15:11.413

Last Modified

2025-03-05T19:06:42.290

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-787
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	eclipse	omr	≤ 0.4.0	Yes

References

https://github.com/eclipse-omr/omr/pull/7658 Patch, Vendor Advisory ([email protected])
https://gitlab.eclipse.org/security/cve-assignement/-/issues/55 Issue Tracking, Vendor Advisory ([email protected])