capstone-engine/capstone

GitHub

github.com

www.capstone-engine.org

Releases54

Frequency2 months 3 weeks

Last Release 6 days ago

Stars8.8K

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-68114 ↗	Dec 17, 2025Wednesday, 17 December 2025, 22:16	4.8 MEDIUM	—
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStream_concat lets a malicious cs_opt_mem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit 2c7797182a1618be12017d7d41e0b6581d5d529e fixes the issue.
CVE-2025-67873 ↗	Dec 17, 2025Wednesday, 17 December 2025, 22:16	4.8 MEDIUM	—
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue.
CVE-2016-7151 ↗	May 15, 2019Wednesday, 15 May 2019, 14:29	—	4.3 MEDIUM
Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a read memory access) in X86_insn_reg_intel in arch/X86/X86Mapping.c.