{"id":"UBUNTU-CVE-2019-25695","details":"R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the Language for menus and messages field.","modified":"2026-05-20T16:06:19.599425118Z","published":"2026-04-12T13:16:00Z","upstream":["CVE-2019-25695"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-25695"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2019-25695"},{"type":"REPORT","url":"https://cloud.r-project.org/bin/windows/"},{"type":"REPORT","url":"https://www.exploit-db.com/exploits/46265"},{"type":"REPORT","url":"https://www.vulncheck.com/advisories/r-local-buffer-overflow-windows-xp-sp3"}],"affected":[{"package":{"name":"r-base","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/r-base?arch=source&distro=esm-infra-legacy%2Ftrusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.0.1-3ubuntu1","3.0.2-1ubuntu1","3.0.2-1ubuntu1.1~esm2"],"ecosystem_specific":{"binaries":[{"binary_version":"3.0.2-1ubuntu1.1~esm2","binary_name":"r-base"},{"binary_version":"3.0.2-1ubuntu1.1~esm2","binary_name":"r-base-core"},{"binary_version":"3.0.2-1ubuntu1.1~esm2","binary_name":"r-base-html"},{"binary_version":"3.0.2-1ubuntu1.1~esm2","binary_name":"r-doc-html"},{"binary_version":"3.0.2-1ubuntu1.1~esm2","binary_name":"r-doc-info"},{"binary_version":"3.0.2-1ubuntu1.1~esm2","binary_name":"r-doc-pdf"},{"binary_version":"3.0.2-1ubuntu1.1~esm2","binary_name":"r-mathlib"},{"binary_version":"3.0.2-1ubuntu1.1~esm2","binary_name":"r-recommended"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-25695.json"}},{"package":{"name":"r-base","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/r-base?arch=source&distro=esm-apps%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.2.2-1","3.2.2.20151203-1","3.2.3-1","3.2.3-2","3.2.3-4","3.2.3-4ubuntu0.1~esm3"],"ecosystem_specific":{"binaries":[{"binary_version":"3.2.3-4ubuntu0.1~esm3","binary_name":"r-base"},{"binary_version":"3.2.3-4ubuntu0.1~esm3","binary_name":"r-base-core"},{"binary_version":"3.2.3-4ubuntu0.1~esm3","binary_name":"r-base-html"},{"binary_version":"3.2.3-4ubuntu0.1~esm3","binary_name":"r-doc-html"},{"binary_version":"3.2.3-4ubuntu0.1~esm3","binary_name":"r-doc-info"},{"binary_version":"3.2.3-4ubuntu0.1~esm3","binary_name":"r-doc-pdf"},{"binary_version":"3.2.3-4ubuntu0.1~esm3","binary_name":"r-mathlib"},{"binary_version":"3.2.3-4ubuntu0.1~esm3","binary_name":"r-recommended"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-25695.json"}},{"package":{"name":"r-base","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/r-base?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.4.2-1ubuntu1","3.4.2-1ubuntu2","3.4.2-2ubuntu1","3.4.3-1","3.4.3-1build1","3.4.4-1","3.4.4-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.4.4-1ubuntu1","binary_name":"r-base"},{"binary_version":"3.4.4-1ubuntu1","binary_name":"r-base-core"},{"binary_version":"3.4.4-1ubuntu1","binary_name":"r-base-html"},{"binary_version":"3.4.4-1ubuntu1","binary_name":"r-doc-html"},{"binary_version":"3.4.4-1ubuntu1","binary_name":"r-doc-info"},{"binary_version":"3.4.4-1ubuntu1","binary_name":"r-doc-pdf"},{"binary_version":"3.4.4-1ubuntu1","binary_name":"r-mathlib"},{"binary_version":"3.4.4-1ubuntu1","binary_name":"r-recommended"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-25695.json"}},{"package":{"name":"r-base","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/r-base?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.6.1-4","3.6.1-7","3.6.2-2","3.6.2.20200221-1","3.6.2.20200221-1build1","3.6.3-2"],"ecosystem_specific":{"binaries":[{"binary_version":"3.6.3-2","binary_name":"r-base"},{"binary_version":"3.6.3-2","binary_name":"r-base-core"},{"binary_version":"3.6.3-2","binary_name":"r-base-html"},{"binary_version":"3.6.3-2","binary_name":"r-doc-html"},{"binary_version":"3.6.3-2","binary_name":"r-doc-info"},{"binary_version":"3.6.3-2","binary_name":"r-doc-pdf"},{"binary_version":"3.6.3-2","binary_name":"r-mathlib"},{"binary_version":"3.6.3-2","binary_name":"r-recommended"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-25695.json"}},{"package":{"name":"r-base","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/r-base?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.0.4-1build1","4.1.2-1ubuntu1","4.1.2-1ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"4.1.2-1ubuntu2","binary_name":"r-base"},{"binary_version":"4.1.2-1ubuntu2","binary_name":"r-base-core"},{"binary_version":"4.1.2-1ubuntu2","binary_name":"r-base-html"},{"binary_version":"4.1.2-1ubuntu2","binary_name":"r-doc-html"},{"binary_version":"4.1.2-1ubuntu2","binary_name":"r-doc-info"},{"binary_version":"4.1.2-1ubuntu2","binary_name":"r-doc-pdf"},{"binary_version":"4.1.2-1ubuntu2","binary_name":"r-mathlib"},{"binary_version":"4.1.2-1ubuntu2","binary_name":"r-recommended"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-25695.json"}},{"package":{"name":"r-base","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/r-base?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.3.1-4","4.3.2-1","4.3.2-1build1","4.3.3-2build1","4.3.3-2build2"],"ecosystem_specific":{"binaries":[{"binary_version":"4.3.3-2build2","binary_name":"r-base"},{"binary_version":"4.3.3-2build2","binary_name":"r-base-core"},{"binary_version":"4.3.3-2build2","binary_name":"r-base-html"},{"binary_version":"4.3.3-2build2","binary_name":"r-doc-html"},{"binary_version":"4.3.3-2build2","binary_name":"r-doc-info"},{"binary_version":"4.3.3-2build2","binary_name":"r-doc-pdf"},{"binary_version":"4.3.3-2build2","binary_name":"r-mathlib"},{"binary_version":"4.3.3-2build2","binary_name":"r-recommended"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-25695.json"}},{"package":{"name":"r-base","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/r-base?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.4.3-1","4.5.0-3","4.5.1-1"],"ecosystem_specific":{"binaries":[{"binary_version":"4.5.1-1","binary_name":"r-base"},{"binary_version":"4.5.1-1","binary_name":"r-base-core"},{"binary_version":"4.5.1-1","binary_name":"r-base-html"},{"binary_version":"4.5.1-1","binary_name":"r-doc-html"},{"binary_version":"4.5.1-1","binary_name":"r-doc-info"},{"binary_version":"4.5.1-1","binary_name":"r-doc-pdf"},{"binary_version":"4.5.1-1","binary_name":"r-mathlib"},{"binary_version":"4.5.1-1","binary_name":"r-recommended"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-25695.json"}},{"package":{"name":"r-base","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/r-base?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.5.1-1","4.5.2-1","4.5.2-1ubuntu1","4.5.2-1ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"4.5.2-1ubuntu2","binary_name":"r-base"},{"binary_version":"4.5.2-1ubuntu2","binary_name":"r-base-core"},{"binary_version":"4.5.2-1ubuntu2","binary_name":"r-base-html"},{"binary_version":"4.5.2-1ubuntu2","binary_name":"r-doc-html"},{"binary_version":"4.5.2-1ubuntu2","binary_name":"r-doc-info"},{"binary_version":"4.5.2-1ubuntu2","binary_name":"r-doc-pdf"},{"binary_version":"4.5.2-1ubuntu2","binary_name":"r-mathlib"},{"binary_version":"4.5.2-1ubuntu2","binary_name":"r-recommended"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-25695.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"type":"Ubuntu","score":"medium"}]}