Capstone-engine Capstone — known CVE vulnerabilities
Every CVE whose affected-product data names Capstone-engine Capstone, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2017-6952 — CVSS 8.8 (high): Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c in Capstone 3.0.4 and earlier allows attackers to cause a denial of…
CVE-2016-7151 — CVSS 5.5 (medium): Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a read memory access) in X86_insn_reg_intel in arch/X86/X86Mapping.c.
CVE-2025-67873 — CVSS 4.8 (medium): Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata…
CVE-2025-68114 — CVSS 4.8 (medium): Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStream_concat lets a malicious…