CVE-2026-39855

MEDIUM EPSS 4.0%
Published Apr 9, 20262mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Apr 9, 2026 2mo ago
Last Modified Jun 17, 2026 2w ago

Description

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code (pe_page_hash_calc()). When page hash processing is performed on a PE file, the function subtracts hdrsize from pagesize without first validating that pagesize >= hdrsize. If a malicious PE file sets SizeOfHeaders (hdrsize) larger than SectionAlignment (pagesize), the subtraction underflows and produces a very large unsigned length. The code allocates a zero-filled buffer of pagesize bytes and then attempts to hash pagesize - hdrsize bytes from that buffer. After the underflow, this results in an out-of-bounds read from the heap and can crash the process. The vulnerability can be triggered while signing a malicious PE file with page hashing enabled (-ph), or while verifying a malicious signed PE file that already contains page hashes. Verification of an already signed file does not require the verifier to pass -ph. This vulnerability is fixed in 2.13.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 3

CWE-125 Out-of-bounds Read Memory Safety
CWE-190 Integer Overflow or Wraparound Numeric Error
CWE-191

Affected Products 1

VendorProductVersionRange
osslsigncode_projectosslsigncode* <2.13

References 3

  • github.com https://github.com/mtrojnar/osslsigncode/commit/2a5409b7c4b6c6fad2b093531e8fea6cf08e1568
    Patch
  • github.com https://github.com/mtrojnar/osslsigncode/releases/tag/2.13
    ProductRelease Notes
  • github.com https://github.com/mtrojnar/osslsigncode/security/advisories/GHSA-76vv-x5rr-q3mr
    PatchVendor Advisory

Remediation

  • github.com https://github.com/mtrojnar/osslsigncode/commit/2a5409b7c4b6c6fad2b093531e8fea6cf08e1568
    Patch
  • github.com https://github.com/mtrojnar/osslsigncode/security/advisories/GHSA-76vv-x5rr-q3mr
    PatchVendor Advisory