{"id":"PYSEC-2025-100","details":"CodeChecker is analyzer tooling, a defect database and a viewer extension for the Clang Static Analyzer and Clang Tidy.\n\nCodeChecker versions up to and including 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command.\n\nThis issue affects CodeChecker through 6.26.1; the first fixed release is 6.26.2.","aliases":["CVE-2025-40843","GHSA-5xf2-f6ch-6p8r"],"modified":"2026-05-20T09:18:55.290654Z","published":"2025-10-28T19:15:41.757Z","references":[{"type":"EVIDENCE","url":"https://github.com/Ericsson/codechecker/security/advisories/GHSA-5xf2-f6ch-6p8r"}],"affected":[{"package":{"name":"codechecker","ecosystem":"PyPI","purl":"pkg:pypi/codechecker"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.26.2"}]}],"versions":["6.16.0","6.16.0a1","6.17.0","6.18.0","6.18.1","6.18.2","6.19.0","6.19.1","6.20.0","6.20.0rc1","6.21.0","6.21.0rc1","6.22.0","6.22.0rc1","6.22.1","6.22.2","6.22.2.post1","6.23.0","6.23.0rc2","6.23.1","6.24.0","6.24.1","6.24.2","6.24.4","6.25.0","6.25.1","6.26.0","6.26.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/codechecker/PYSEC-2025-100.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}