NIXPKGS-2026-0001

published on 11 Jan 2026

Permalink CVE-2025-34449

updated 1 month, 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 1 week ago
@LeSuisse removed package qtscrcpy 1 month, 1 week ago
@LeSuisse accepted 1 month, 1 week ago
@LeSuisse published on GitHub 1 month, 1 week ago

Genymobile/scrcpy <= 3.3.3 Global Buffer Overflow

Genymobile/scrcpy versions up to and including 3.3.3 and prior to commit 3e40b24 contain a global buffer overflow vulnerability in the function sc_read32be, invoked via sc_device_msg_deserialize() and process_msgs(). Processing crafted device messages can cause reads beyond the bounds of a global buffer, leading to memory corruption or crashes. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations.

Affected products

scrcpy

==commit 3e40b24
=<3.3.3

Matching in nixpkgs

pkgs.scrcpy

Display and control Android devices over USB or TCP/IP

nixos-unstable 3.3.3
- nixpkgs-unstable 3.3.3
- nixos-unstable-small 3.3.3

Package maintainers

@DeltaEvo Duarte David <deltaduartedavid@gmail.com>
@ryand56 Ryan Omasta <git@ryand.ca>

Patch: https://github.com/Genymobile/scrcpy/commit/3e40b2473772cea3a23d4932088fd0bc4cc0f52c

Fixed in 3.3.4 https://github.com/Genymobile/scrcpy/releases/tag/v3.3.4

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0001

Affected products

Matching in nixpkgs

pkgs.scrcpy

Package maintainers