In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe (ASCII-to-EBCDIC) print functions format their output into a fixed-length conversion buffer. If the text produced by the format string and its arguments is longer than that buffer, the buffer is overflowed. Beginning in version 0.5.0, the conversion buffers are sized correctly and the output length is checked, so the overflow can no longer occur.
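The pattern the advisory describes, as an added illustration rather than OMR's own code: a print wrapper that formats into a conversion buffer and then translates the bytes to EBCDIC before output. The unchecked version would use `vsprintf` into a fixed array with no length; the two functions below show the two remedies the fix text names, a length check against the fixed buffer and a buffer sized from the measured output. `CONV_BUF_SIZE`, the function names and the partial `atoe_byte` table (letters, digits and space only) are assumptions for the demo, not OMR identifiers.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size of the fixed conversion buffer. Deliberately small so the demo
 * can show an oversize message being rejected (assumed value, not OMR's). */
#define CONV_BUF_SIZE 32

/* Stand-in for the ASCII->EBCDIC step of an "atoe" print function.
 * Covers letters, digits and space only; anything else becomes EBCDIC '?'
 * (0x6F). A real conversion uses a full 256-entry table. */
unsigned char atoe_byte(unsigned char c)
{
    if (c >= 'A' && c <= 'I') return 0xC1 + (c - 'A');
    if (c >= 'J' && c <= 'R') return 0xD1 + (c - 'J');
    if (c >= 'S' && c <= 'Z') return 0xE2 + (c - 'S');
    if (c >= 'a' && c <= 'i') return 0x81 + (c - 'a');
    if (c >= 'j' && c <= 'r') return 0x91 + (c - 'j');
    if (c >= 's' && c <= 'z') return 0xA2 + (c - 's');
    if (c >= '0' && c <= '9') return 0xF0 + (c - '0');
    if (c == ' ') return 0x40;
    return 0x6F;
}

/* Checked variant of the fixed-buffer pattern: format into dst (dst_len
 * bytes), then convert in place. vsnprintf never writes past dst_len and
 * returns the length the full output would have had; if that does not fit,
 * the buffer is cleared and -1 is returned rather than silently truncating.
 * The unchecked original would have called vsprintf here with no length. */
int atoe_format_fixed(char *dst, size_t dst_len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int needed = vsnprintf(dst, dst_len, fmt, ap);
    va_end(ap);
    if (needed < 0 || (size_t)needed >= dst_len) {
        if (dst_len > 0) dst[0] = '\0';
        return -1;
    }
    for (int i = 0; i < needed; i++)
        dst[i] = (char)atoe_byte((unsigned char)dst[i]);
    return needed;
}

/* Correctly sized variant: measure first with a NULL/0 vsnprintf, allocate
 * exactly what is needed, then format and convert. Caller frees the result.
 * Returns NULL on formatting or allocation failure. */
unsigned char *atoe_format_sized(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int needed = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (needed < 0) { va_end(ap2); return NULL; }
    char *buf = malloc((size_t)needed + 1);
    if (buf == NULL) { va_end(ap2); return NULL; }
    vsnprintf(buf, (size_t)needed + 1, fmt, ap2);
    va_end(ap2);
    for (int i = 0; i < needed; i++)
        buf[i] = (char)atoe_byte((unsigned char)buf[i]);
    return (unsigned char *)buf;
}

int main(void)
{
    char fixed[CONV_BUF_SIZE];
    /* Constructed inputs: one message that fits, one that would overrun. */
    const char *big_msg = "this message is longer than the conversion buffer";
    int n1 = atoe_format_fixed(fixed, sizeof fixed, "pid %d", 42);
    int n2 = atoe_format_fixed(fixed, sizeof fixed, "%s", big_msg);
    unsigned char *big = atoe_format_sized("%s", big_msg);
    printf("fits: %d, rejected: %d, sized length: %zu\n",
           n1, n2, big ? strlen((char *)big) : (size_t)0);
    free(big);
    return 0;
}
```

The check in `atoe_format_fixed` is what turns the overflow into a detectable error; the measure-then-allocate path in `atoe_format_sized` removes the fixed bound entirely. Because `vsnprintf` consumes the `va_list`, the second function must `va_copy` before measuring or the formatting pass would read an exhausted argument list.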
CVE ID: CVE-2025-1471
CVSS Base Severity: HIGH
CVSS Base Score: 7.1
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
Vendor: Eclipse Foundation
Product: Eclipse OMR
EPSS Score: 0.01% (estimated probability of exploitation activity in the wild within the next 30 days)
EPSS Percentile: 0.86% (fraction of all scored CVEs with an EPSS score less than or equal to this one)
EPSS Date: 2025-03-22 (date this score was calculated)