Vulnerability Details CVE-2025-47868
Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation).
This issue affects Apache NuttX: from 6.9 before 12.9.0.
Users are recommended to upgrade to version 12.9.0, which fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.6%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2025-47868
-
cpe:2.3:a:apache:nuttx:10.0.0
-
cpe:2.3:a:apache:nuttx:10.0.1
-
cpe:2.3:a:apache:nuttx:10.1.0
-
cpe:2.3:a:apache:nuttx:6.10
-
cpe:2.3:a:apache:nuttx:6.11
-
cpe:2.3:a:apache:nuttx:6.12
-
cpe:2.3:a:apache:nuttx:6.13
-
cpe:2.3:a:apache:nuttx:6.14
-
cpe:2.3:a:apache:nuttx:6.15
-
cpe:2.3:a:apache:nuttx:6.16
-
cpe:2.3:a:apache:nuttx:6.17
-
cpe:2.3:a:apache:nuttx:6.18
-
cpe:2.3:a:apache:nuttx:6.19
-
cpe:2.3:a:apache:nuttx:6.20
-
cpe:2.3:a:apache:nuttx:6.21
-
cpe:2.3:a:apache:nuttx:6.22
-
cpe:2.3:a:apache:nuttx:6.23
-
cpe:2.3:a:apache:nuttx:6.24
-
cpe:2.3:a:apache:nuttx:6.25
-
cpe:2.3:a:apache:nuttx:6.26
-
cpe:2.3:a:apache:nuttx:6.27
-
cpe:2.3:a:apache:nuttx:6.28
-
cpe:2.3:a:apache:nuttx:6.29
-
cpe:2.3:a:apache:nuttx:6.30
-
cpe:2.3:a:apache:nuttx:6.31
-
cpe:2.3:a:apache:nuttx:6.32
-
cpe:2.3:a:apache:nuttx:6.33
-
cpe:2.3:a:apache:nuttx:6.9
-
cpe:2.3:a:apache:nuttx:7.1
-
cpe:2.3:a:apache:nuttx:7.10
-
cpe:2.3:a:apache:nuttx:7.11
-
cpe:2.3:a:apache:nuttx:7.12
-
cpe:2.3:a:apache:nuttx:7.13
-
cpe:2.3:a:apache:nuttx:7.14
-
cpe:2.3:a:apache:nuttx:7.15
-
cpe:2.3:a:apache:nuttx:7.16
-
cpe:2.3:a:apache:nuttx:7.17
-
cpe:2.3:a:apache:nuttx:7.18
-
cpe:2.3:a:apache:nuttx:7.19
-
cpe:2.3:a:apache:nuttx:7.2
-
cpe:2.3:a:apache:nuttx:7.20
-
cpe:2.3:a:apache:nuttx:7.21
-
cpe:2.3:a:apache:nuttx:7.22
-
cpe:2.3:a:apache:nuttx:7.23
-
cpe:2.3:a:apache:nuttx:7.24
-
cpe:2.3:a:apache:nuttx:7.25
-
cpe:2.3:a:apache:nuttx:7.26
-
cpe:2.3:a:apache:nuttx:7.27
-
cpe:2.3:a:apache:nuttx:7.28
-
cpe:2.3:a:apache:nuttx:7.29
-
cpe:2.3:a:apache:nuttx:7.3
-
cpe:2.3:a:apache:nuttx:7.30
-
cpe:2.3:a:apache:nuttx:7.31
-
cpe:2.3:a:apache:nuttx:7.4
-
cpe:2.3:a:apache:nuttx:7.5
-
cpe:2.3:a:apache:nuttx:7.6
-
cpe:2.3:a:apache:nuttx:7.7
-
cpe:2.3:a:apache:nuttx:7.8
-
cpe:2.3:a:apache:nuttx:7.9
-
cpe:2.3:a:apache:nuttx:8.1
-
cpe:2.3:a:apache:nuttx:8.2
-
cpe:2.3:a:apache:nuttx:9.0.0
-
cpe:2.3:a:apache:nuttx:9.1.0