Vulnerability Description
An out-of-bounds write, resulting in a possible heap-based buffer overflow, was discovered in the tools/bdf-converter font conversion utility that is part of the Apache NuttX RTOS repository. This standalone program is optional and is not part of the NuttX RTOS or Applications runtime, but active bdf-converter users may be affected when the tool is exposed to externally provided user data (for example, BDF font files processed by publicly available automation). This issue affects Apache NuttX from 6.9 before 12.9.0. Users are recommended to upgrade to version 12.9.0, which fixes the issue.
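The following C is an added illustration of the bug class named above; it is not the NuttX bdf-converter source and does not describe the specific change made in the referenced pull request. A BDF file declares a FONTBOUNDINGBOX for the whole font and then a BBX for each glyph; a converter that sizes its heap buffer from the former and then writes rows according to the latter has an out-of-bounds write whenever a crafted file makes the per-glyph BBX larger than the font bounding box, or supplies more hex rows than BBX declared. The loader below shows the check that closes that gap (bdf_bbx_fits plus the row-count and row-length checks); removing those checks gives the vulnerable pattern. The function names, the dimension caps and the sample BDF strings are constructed for this example.

```c
/* Added illustrative BDF glyph loader (not the NuttX bdf-converter code).
 * The heap buffer is sized from FONTBOUNDINGBOX; every later dimension
 * taken from the file is validated against it before any byte is written. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BDF_MAX_DIM  256   /* sanity cap on any dimension (assumption) */
#define BDF_MAX_LINE 128   /* longest input line accepted (assumption) */

struct bdf_font {
    int fbb_w, fbb_h;   /* FONTBOUNDINGBOX width and height in pixels */
    size_t stride;      /* bytes per bitmap row, (fbb_w + 7) / 8 */
    uint8_t *bitmap;    /* heap buffer of fbb_h * stride bytes */
};

/* The bounds check the vulnerable pattern lacks: a glyph's BBX must fit
 * inside the buffer that was allocated from FONTBOUNDINGBOX. */
int bdf_bbx_fits(const struct bdf_font *font, int bbx_w, int bbx_h)
{
    return font->bitmap != NULL && bbx_w > 0 && bbx_h > 0 &&
           bbx_w <= font->fbb_w && bbx_h <= font->fbb_h;
}

/* Parse one glyph from BDF text into font->bitmap.
 * Returns 0 on success, -EINVAL on malformed or inconsistent input and
 * -ENOMEM if allocation fails. On failure no bitmap is left allocated. */
int bdf_load_glyph(const char *text, struct bdf_font *font)
{
    int bbx_w = 0, bbx_h = 0, in_bitmap = 0, row = 0, rc = -EINVAL;
    const char *p = text;
    char line[BDF_MAX_LINE];

    memset(font, 0, sizeof *font);
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof line) goto out;               /* overlong line */
        memcpy(line, p, len);
        line[len] = '\0';
        p = nl ? nl + 1 : p + len;

        if (sscanf(line, "FONTBOUNDINGBOX %d %d", &font->fbb_w, &font->fbb_h) == 2) {
            if (font->bitmap || font->fbb_w <= 0 || font->fbb_h <= 0 ||
                font->fbb_w > BDF_MAX_DIM || font->fbb_h > BDF_MAX_DIM)
                goto out;
            font->stride = ((size_t)font->fbb_w + 7) / 8;
            font->bitmap = calloc((size_t)font->fbb_h, font->stride);
            if (!font->bitmap) { rc = -ENOMEM; goto out; }
        } else if (sscanf(line, "BBX %d %d", &bbx_w, &bbx_h) == 2) {
            if (!bdf_bbx_fits(font, bbx_w, bbx_h)) goto out;   /* reject oversized glyph */
        } else if (strcmp(line, "BITMAP") == 0) {
            if (!bdf_bbx_fits(font, bbx_w, bbx_h)) goto out;   /* BBX must come first */
            in_bitmap = 1;
            row = 0;
        } else if (strcmp(line, "ENDCHAR") == 0) {
            if (in_bitmap && row == bbx_h) rc = 0;   /* exactly bbx_h rows were seen */
            goto out;
        } else if (in_bitmap) {
            size_t row_bytes = ((size_t)bbx_w + 7) / 8;
            if (row >= bbx_h) goto out;                    /* more rows than declared */
            if (strlen(line) != 2 * row_bytes) goto out;   /* hex row of wrong length */
            for (size_t b = 0; b < row_bytes; b++) {
                unsigned v;
                if (sscanf(line + 2 * b, "%2x", &v) != 1) goto out;
                /* In bounds: row < bbx_h <= fbb_h and b < row_bytes <= stride */
                font->bitmap[(size_t)row * font->stride + b] = (uint8_t)v;
            }
            row++;
        }
    }
out:
    if (rc != 0) { free(font->bitmap); font->bitmap = NULL; }
    return rc;
}

/* Load text and return the decoded byte at (row, col), or a negative errno. */
int bdf_load_byte(const char *text, int row, int col)
{
    struct bdf_font f;
    int rc = bdf_load_glyph(text, &f);
    if (rc != 0) return rc;
    int v = (row >= 0 && row < f.fbb_h && col >= 0 && (size_t)col < f.stride)
                ? f.bitmap[(size_t)row * f.stride + col] : -ERANGE;
    free(f.bitmap);
    return v;
}

/* Constructed sample inputs: one consistent glyph and three crafted files. */
const char BDF_OK[]   = "STARTFONT 2.1\nFONTBOUNDINGBOX 8 4 0 0\nSTARTCHAR A\nENCODING 65\n"
                        "BBX 8 4 0 0\nBITMAP\n18\n24\n7E\n42\nENDCHAR\n";
const char BDF_TALL[] = "FONTBOUNDINGBOX 8 4 0 0\nSTARTCHAR A\n"
                        "BBX 8 64 0 0\nBITMAP\n18\n24\n7E\n42\nENDCHAR\n";   /* BBX taller than font */
const char BDF_WIDE[] = "FONTBOUNDINGBOX 8 4 0 0\nSTARTCHAR A\n"
                        "BBX 32 4 0 0\nBITMAP\n18000000\n24000000\n7E000000\n42000000\nENDCHAR\n";
const char BDF_ROWS[] = "FONTBOUNDINGBOX 8 4 0 0\nSTARTCHAR A\n"
                        "BBX 8 2 0 0\nBITMAP\n18\n24\n7E\n42\nENDCHAR\n";    /* more rows than BBX says */
```

The three crafted inputs are each rejected with -EINVAL before any row is copied; with the bdf_bbx_fits and row-count checks removed, BDF_TALL and BDF_ROWS would write past the 4-byte allocation and BDF_WIDE past each 1-byte row, which is the heap overflow shape the advisory describes.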
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Nuttx | >= 6.9, < 12.9.0 |
Related Weaknesses (CWE)
References
- https://github.com/apache/nuttx/pull/16000 (Issue Tracking, Third Party Advisory)
- https://lists.apache.org/thread/p4o2lcqgspx3ws1n2p4wmoqbqow1w1pw (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2025/06/14/1 (Mailing List, Vendor Advisory)
FAQ
What is CVE-2025-47868?
CVE-2025-47868 is a vulnerability with a CVSS score of 9.8 (CRITICAL): an out-of-bounds write, resulting in a possible heap-based buffer overflow, in the tools/bdf-converter font conversion utility in the Apache NuttX RTOS repository. The tool is a standalone, optional program that is not part of the NuttX RTOS or Applications runtime; see the Vulnerability Description above for the full text.
How severe is CVE-2025-47868?
CVE-2025-47868 has been rated CRITICAL with a CVSS base score of 9.8/10. Note that the affected code is a standalone developer utility rather than RTOS or application runtime code, so the practical exposure is limited to systems where bdf-converter is run on BDF font files from untrusted sources, such as publicly reachable build or conversion automation; those deployments should treat it as requiring immediate attention.
Is there a patch for CVE-2025-47868?
Yes. The issue is fixed in Apache NuttX 12.9.0; the vendor advisory and the pull request in the references section above carry the fix details. Affected products: Apache NuttX from 6.9 before 12.9.0. Users who cannot upgrade should avoid running bdf-converter on BDF files from untrusted sources.