Osslsigncode
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-70888 | Cri | 0.57 | 9.8 | 0.00 | Mar 25, 2026 | An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component | ||
| CVE-2026-39853 | Hig | 0.44 | 7.8 | 0.00 | Apr 9, 2026 | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS#7 signature, the code copies the digest value from a… | ||
| CVE-2026-39856 | Med | 0.29 | 5.5 | 0.00 | Apr 9, 2026 | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code (pe_page_hash_calc()). When processing PE sections for page… | ||
| CVE-2026-39855 | Med | 0.29 | 5.5 | 0.00 | Apr 9, 2026 | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code (pe_page_hash_calc()). When page hash processing is performed on a… | ||
| CVE-2023-36377 | 0.00 | — | 0.00 | Jul 3, 2023 | Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files. |
- risk 0.57cvss 9.8epss 0.00
An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component
- risk 0.44cvss 7.8epss 0.00
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS#7 signature, the code copies the digest value from a…
- risk 0.29cvss 5.5epss 0.00
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code (pe_page_hash_calc()). When processing PE sections for page…
- risk 0.29cvss 5.5epss 0.00
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code (pe_page_hash_calc()). When page hash processing is performed on a…
- CVE-2023-36377Jul 3, 2023risk 0.00cvss —epss 0.00
Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files.