High severity8.4NVD Advisory· Published Apr 12, 2026· Updated Apr 15, 2026

CVE-2019-25695

Description

R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the Language for menus and messages field.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cloud.r-project.org/bin/windows/nvd
www.exploit-db.com/exploits/46265nvd
www.vulncheck.com/advisories/r-local-buffer-overflow-windows-xp-sp3nvd

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000