Description
The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.
CVSS breakdown
CVSS 3.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: Low
Affected products
- gnu / ncurses: 0 – 6.5-20251213
References
- MAILING_LIST: https://marc.info/?l=ncurses-bug&m=176539968328570&w=2
- MAILING_LIST: https://marc.info/?l=ncurses-bug&m=176540731801330&w=2
- MAILING_LIST: https://marc.info/?l=ncurses-bug&m=176545557728083&w=2
- MISC: https://github.com/Cao-Wuhui/CVE-2025-69720
- MISC: https://invisible-island.net/archives/ncurses/6.5/
- MISC: https://invisible-island.net/ncurses/