Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses

Filter by:

With package: scrcpy

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2025-34449

created 3 months, 3 weeks ago

Genymobile/scrcpy <= 3.3.3 Global Buffer Overflow

Genymobile/scrcpy versions up to and including 3.3.3 and prior to commit 3e40b24 contain a global buffer overflow vulnerability in the function sc_read32be, invoked via sc_device_msg_deserialize() and process_msgs(). Processing crafted device messages can cause reads beyond the bounds of a global buffer, leading to memory corruption or crashes. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations.

References

https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-003… technical-descriptionexploit
https://github.com/Genymobile/scrcpy/issues/6415 issue-tracking
https://github.com/Genymobile/scrcpy/commit/3e40b24 patch
https://www.vulncheck.com/advisories/genymobile-scrcpy-global-buffer-overflow third-party-advisory

Affected products

scrcpy

=<3.3.3
==commit 3e40b24

Matching in nixpkgs

pkgs.scrcpy

Display and control Android devices over USB or TCP/IP

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.3
- nixpkgs-25.11-darwin 3.3.3

pkgs.qtscrcpy

Android real-time display control software

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.3
- nixpkgs-25.11-darwin 3.3.3

Package maintainers

@Aleksanaa Aleksana QwQ <me@aleksana.moe>
@Daru-san Daru <zadarumaka@proton.me>
@DeltaEvo Duarte David <deltaduartedavid@gmail.com>
@ryand56 Ryan Omasta <git@ryand.ca>

1