Description
A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks.
Recommendation
Update the opencc package to the latest compatible version. Followings are version details:
- Affected version(s): <= 1.1.9
- Patched version(s): 1.2.0
References
Related Issues
- Open Chinese Convert subject to Denial of Service via Out-of-bounds Read - CVE-2018-16982
- OpenCC has an Out-of-bounds read when processing truncated UTF-8 input - Vulnerability
- lobe-chat has an Open Redirect - CVE-2025-59426
- ajv has ReDoS when using `$data` option - CVE-2025-69873
You might also like:
- Tags:
- npm
- opencc
Anything's wrong? Let us know Last updated on February 06, 2026