Unrated severity · NVD Advisory · Published Apr 26, 2023 · Updated Feb 3, 2025

CVE-2023-29596

Description

Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an attacker to execute arbitrary code and cause a denial of service via the paq8 function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflow in cmix v.19 paq8 function allows denial of service and possible code execution via crafted input.

Vulnerability

A buffer overflow vulnerability exists in ByronKnoll Cmix version 19 in the paq8 function, specifically in FrenchStemmer::ConvertUTF8 at paq8.cpp:2502. The issue is triggered when processing a specially crafted input file with the -n flag, resulting in a memcpy-param-overlap condition as detected by AddressSanitizer [1].
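The memcpy-param-overlap condition named above, shown as an added illustration in C. This is not cmix's code: `ranges_overlap` and `collapse_utf8_inplace` are hypothetical names, and the in-place UTF-8 to Latin-1 conversion is an assumed pattern chosen to show why shifting a buffer over itself must use `memmove` rather than `memcpy`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The condition AddressSanitizer reports as memcpy-param-overlap:
   [dst, dst+n) and [src, src+n) share at least one byte. */
static int ranges_overlap(const void *dst, const void *src, size_t n) {
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    return n != 0 && d < s + n && s < d + n;
}

/* Hypothetical in-place converter (assumption, not taken from cmix):
   collapses each 2-byte UTF-8 sequence for U+0080..U+00FF into one
   Latin-1 byte and shifts the tail left by one byte. Returns the new
   length; *overlaps counts the shifts whose source and destination
   overlap, i.e. the calls where memcpy would be undefined behaviour. */
static size_t collapse_utf8_inplace(unsigned char *s, size_t len,
                                    size_t *overlaps) {
    size_t i = 0;
    *overlaps = 0;
    while (i + 1 < len) {
        unsigned char lead = s[i], cont = s[i + 1];
        if ((lead == 0xC2 || lead == 0xC3) && (cont & 0xC0) == 0x80) {
            s[i] = (unsigned char)(((lead & 0x03) << 6) | (cont & 0x3F));
            size_t tail = len - (i + 2);
            if (ranges_overlap(s + i + 1, s + i + 2, tail))
                (*overlaps)++;
            /* memmove is defined for overlapping ranges; memcpy is not. */
            memmove(s + i + 1, s + i + 2, tail);
            len--;
        }
        i++;
    }
    return len;
}

int main(void) {
    /* Constructed sample: "café crème" encoded as UTF-8. */
    unsigned char buf[] = {'c', 'a', 'f', 0xC3, 0xA9, ' ',
                           'c', 'r', 0xC3, 0xA8, 'm', 'e'};
    size_t overlaps = 0;
    size_t n = collapse_utf8_inplace(buf, sizeof buf, &overlaps);
    printf("new length %zu, overlapping shifts %zu\n", n, overlaps);
    return 0;
}
```

Building a target with `-fsanitize=address` makes the sanitizer apply the same overlap test to every `memcpy` call at run time, which is how the report cited in [1] was produced.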

Exploitation

An attacker can exploit this vulnerability by providing a malicious input file to cmix with the -n parameter. No authentication or special privileges are required, but local access to execute the binary is necessary. The crash occurs during compression, as shown in the backtrace: FrenchStemmer::ConvertUTF8 calls __asan_memcpy with overlapping memory ranges [1].

Impact

Successful exploitation can cause a denial of service (DoS) due to program crash. The description also indicates potential for arbitrary code execution, as memory corruption from a buffer overflow can be leveraged to execute attacker-controlled code, though no proof-of-concept is provided in the reference [1].

Mitigation

As of the reference date, no official patch or fix has been released. Users are advised to avoid using the -n flag with untrusted input files or to monitor the project for updates [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1