Nixpkgs Security Tracker

Login with GitHub

Details of issue NIXPKGS-2026-0066

NIXPKGS-2026-0066
published on 21 Jan 2026
Permalink CVE-2025-15536
updated 1 month ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month ago
  • @LeSuisse removed
    2 packages
    • python312Packages.opencc
    • python313Packages.opencc
    1 month ago
  • @LeSuisse accepted 1 month ago
  • @LeSuisse published on GitHub 1 month ago
BYVoid OpenCC MaxMatchSegmentation.cpp MaxMatchSegmentation heap-based overflow

A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch.

Affected products

OpenCC
  • ==1.1.1
  • ==1.1.6
  • ==1.1.5
  • ==1.1.9
  • ==1.1.0
  • ==1.1.4
  • ==1.1.3
  • ==1.1.7
  • ==1.1.2
  • ==1.1.8

Matching in nixpkgs

pkgs.opencc

Project for conversion between Traditional and Simplified Chinese

Package maintainers

Upstream fix: https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec