{"id":"CVE-2025-40843","details":"CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \n\n\n\n\nCodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command.\n\n\n\n\n\nThis issue affects CodeChecker: through 6.26.1.","aliases":["GHSA-5xf2-f6ch-6p8r","PYSEC-2025-100"],"modified":"2026-05-20T08:11:26.069430366Z","published":"2025-10-28T19:15:41.757Z","references":[{"type":"EVIDENCE","url":"https://github.com/Ericsson/codechecker/security/advisories/GHSA-5xf2-f6ch-6p8r"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ericsson/codechecker","events":[{"introduced":"0"},{"fixed":"fa596ef3c6e5245d18b494683adaeb42af265cad"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.26.2"}]}}],"versions":["v4.0","v5.0","v5.1","v5.10","v5.2","v5.3","v5.4","v5.5","v5.6","v5.7","v5.7.1","v5.8","v5.9","v6.0","v6.0.1","v6.1","v6.1.1","v6.10.0","v6.12.0","v6.13.0","v6.14.0","v6.15.0","v6.16.0","v6.17.0","v6.18.0","v6.19.0","v6.2","v6.2.1","v6.20.0","v6.21.0","v6.22.0","v6.23.0","v6.23.0-rc1","v6.24.0","v6.25.0","v6.26.0","v6.26.1","v6.3","v6.4","v6.5","v6.5.1","v6.6.0","v6.7.0","v6.7.1","v6.8.0","v6.8.1","v6.9.0","v6.9.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40843.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}