VYPR

Osslsigncode

by Osslsigncode Project

Source repositories

CVEs (5)

  • CVE-2025-70888CriMar 25, 2026
    risk 0.57cvss 9.8epss 0.00

    An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component

  • CVE-2026-39853HigApr 9, 2026
    risk 0.44cvss 7.8epss 0.00

    osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS#7 signature, the code copies the digest value from a…

  • CVE-2026-39856MedApr 9, 2026
    risk 0.29cvss 5.5epss 0.00

    osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code (pe_page_hash_calc()). When processing PE sections for page…

  • CVE-2026-39855MedApr 9, 2026
    risk 0.29cvss 5.5epss 0.00

    osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code (pe_page_hash_calc()). When page hash processing is performed on a…

  • CVE-2023-36377Jul 3, 2023
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files.