Osslsigncode Project Osslsigncode — known CVE vulnerabilities
Every CVE whose affected-product data names Osslsigncode Project Osslsigncode, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2025-70888 — CVSS 9.8 (critical): An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c…
CVE-2023-36377 — CVSS 7.8 (high): Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted…
CVE-2026-39853 — CVSS 7.8 (high): osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists…
CVE-2026-39855 — CVSS 5.5 (medium): osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in…
CVE-2026-39856 — CVSS 5.5 (medium): osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in…