Low severity1.9OSV Advisory· Published Dec 31, 2025· Updated Apr 15, 2026

CVE-2025-11964

Description

On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer.

Affected products

The Tcpdump Group/LibpcapOSV
Range: libpcap-0.6.1, libpcap-0.7.1, libpcap-0.8-bp, …

Patches

7fabf607f231

https://github.com/the-tcpdump-group/libpcapvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/the-tcpdump-group/libpcap/commit/7fabf607f2319a36a0bd78444247180acb838e69nvd

News mentions

No linked articles in our index yet.

cvss	0.124
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000