{"id":"AZL-72818","summary":"CVE-2025-67873 affecting package capstone 4.0.2-4","details":"Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue.","modified":"2026-04-21T04:33:43.284926Z","published":"2025-12-17T22:16:00Z","upstream":["CVE-2025-67873"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67873"}],"affected":[{"package":{"name":"capstone","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/capstone"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"4.0.2-4"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-72818.json"}}],"schema_version":"1.7.5"}