CVE-2019-25634

8.4 HIGH

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by trigge...

Published: 2026-03-24 · Last updated: 2026-06-03

Severity and scoring

CVSS: 8.4 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787

Affected products

Vendor	Product
4mhz	base64_decoder

Description

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-RET gadget address, and uses an egghunter payload to locate and execute shellcode for code execution.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2019-25634
[Other]http://4mhz.de/b64dec.html
[Other]http://4mhz.de/download.php?file=b64dec-1-1-2.zip
[Exploit reference]https://www.exploit-db.com/exploits/46625
[Other]https://www.vulncheck.com/advisories/base64-decoder-local-buffer-overflow-seh-egghunter

Related CVEs

Same CWE

CVE-2026-47750 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
CVE-2026-47747 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
CVE-2026-47749 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
CVE-2026-12314 — Memory safety bug fixed in Thunderbird 152 (7.5 HIGH)
CVE-2026-12310 — Memory safety bug fixed in Thunderbird 152 (7.5 HIGH)