Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib.This issue affects doslib: before doslib-20250729.
AnalysisAI
Buffer overflow in doslib versions prior to 20250729 allows local attackers with user interaction to achieve full system compromise including code execution, data theft, and denial of service. The vulnerability requires local access and user interaction to trigger, but once exploited grants complete control over affected systems.
Technical ContextAI
Doslib is a development library by joncampbell123 for creating MS-DOS applications and tools. The affected component is identified via CPE cpe:2.3:a:joncampbell123:doslib:*:*:*:*:*:*:*:*. The vulnerability is rooted in CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a class of flaws where software performs operations on a memory buffer but can read from or write to a memory location outside the intended boundary. This classic memory safety issue can lead to crashes, data corruption, or arbitrary code execution when an attacker can control the out-of-bounds access.
RemediationAI
Upgrade doslib to version doslib-20250729 or later, which contains the fix for this buffer overflow vulnerability. The patch is available via GitHub pull request at https://github.com/joncampbell123/doslib/pull/65. Organizations using doslib in their development environments should update their toolchains to the patched version. Until patching is completed, exercise caution when processing untrusted input files or data with doslib-based tools, and consider restricting the use of vulnerable versions to trusted data sources only in isolated development environments.
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14754