Primary

Context

Yasr Screen Reader Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in Yasr Screen Reader version 0.6.9-5. This vulnerability allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the '-p' parameter. Exploitation involves invoking Yasr with a crafted payload that includes junk data, shellcode, and a return address, overwriting the stack to trigger code execution.

Impact

Exploitation of this vulnerability can lead to a local denial-of-service condition or allow for arbitrary code execution with the privileges of the user running Yasr.

Reproduction

The vulnerability can be reproduced by using Yasr version 0.6.9-5 and supplying an oversized argument to the '-p' parameter. This can be done by including approximately 298 bytes of junk data followed by shellcode, NOP instructions, and a return address to overwrite the stack and execute arbitrary code.

Added: Mar 28, 2026, 12:23 PM

Updated: Mar 28, 2026, 12:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.0

remediation

0.0

relevance

4.8

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.0

remediation

0.0

relevance

4.8

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Yasr Screen Reader Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating