Osslsigncode Project / Osslsigncode

5 matches found

CVE
added 2023/07/03 12:0 a.m. | 44 views

CVE-2023-36377

CVE-2023-36377 affects osslsigncode, a signing tool. A Buffer Overflow in osslsigncode v2.3 and earlier can allow local arbitrary code execution when signing crafted files (.exe/.sys/.dll). Multiple Debian LTS advisories document affected package osslsigncode and fixes via upgraded versions: Debi...

7.8 CVSS | 7.6 AI score | 0.00151 EPSS

CVE
added 2026/04/09 4:3 p.m. | 9 views

CVE-2026-39856

osslsigncode (before 2.13) has an out-of-bounds read in PE page-hash calculation (pe_page_hash_calc) when processing PE sections. The code uses PointerToRawData and SizeOfRawData from section headers without ensuring the referenced region lies within the mapped file, allowing an attacker to craft...

5.5 CVSS | 6 AI score | 0.00017 EPSS

CVE
added 2026/04/09 3:50 p.m. | 7 views

CVE-2026-39853

osslsigncode contains a stack buffer overflow in its signature verification paths (PE, MSI, CAB, script) when verifying PKCS#7 signatures. During digest copy from SpcIndirectDataContent into a fixed-size stack buffer (mdbuf[EVP_MAX_MD_SIZE], 64 bytes), the code does not validate the source length...

7.8 CVSS | 6.2 AI score | 0.00014 EPSS

CVE
added 2026/03/25 12:0 a.m. | 6 views

CVE-2025-70888

CVE-2025-70888 describes a privilege-escalation flaw in the Osslsigncode project (mtrojnar) affecting version 2.10 and earlier, exploitable via the osslsigncode.c component. The connected sources confirm the vulnerability exists in osslsigncode.c and indicate the affected release range (≤ v2.10)....

9.8 CVSS | 5.8 AI score | 0.0014 EPSS

CVE
added 2026/04/09 3:58 p.m. | 6 views

CVE-2026-39855

osslsigncode prior to 2.13 contains an integer underflow in the PE page-hash calculation (pe_page_hash_calc). If SizeOfHeaders (hdrsize) > SectionAlignment (pagesize), hdrsize is subtracted from pagesize without validation, producing a large unsigned length. The code allocates a zero-filled bu...

5.5 CVSS | 6.1 AI score | 0.00017 EPSS