{"id":"CVE-2025-34449","details":"Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the sc_device_msg_deserialize() function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-service condition. This vulnerability may allow further exploitation on the host system.","modified":"2026-04-10T05:26:32.771449Z","published":"2025-12-18T22:15:56.003Z","references":[{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/genymobile-scrcpy-global-buffer-overflow"},{"type":"FIX","url":"https://github.com/Genymobile/scrcpy/commit/3e40b24"},{"type":"FIX","url":"https://github.com/Genymobile/scrcpy/issues/6415"},{"type":"EVIDENCE","url":"https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-003-scrcpy-global-buffer-overflow.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/genymobile/scrcpy","events":[{"introduced":"0"},{"fixed":"fb6381f5b9bb96f3fa823d899f4c32de2ec84ab3"},{"fixed":"3e40b24"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.3.4"}]}}],"versions":["v1.0","v1.1","v1.10","v1.11","v1.12","v1.12.1","v1.13","v1.14","v1.15","v1.15.1","v1.16","v1.17","v1.18","v1.19","v1.2","v1.20","v1.21","v1.22","v1.23","v1.24","v1.25","v1.3","v1.4","v1.5","v1.5-fixversion","v1.6","v1.7","v1.8","v2.0","v2.0-install-release","v2.1","v2.1-install-release","v2.1.1","v2.1.1-install-release","v2.2","v2.2-install-release","v2.3","v2.3-install-release","v2.3.1","v2.3.1-install-release","v2.4","v2.4-install-release","v2.5","v2.5-install-release","v2.6","v2.6-install-release","v2.6.1","v2.6.1-install-release","v2.7","v3.0","v3.0.1","v3.0.2","v3.1","v3.2","v3.3","v3.3.1","v3.3.2","v3.3.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34449.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}