Description
Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to overwrite the stack and trigger code execution.
Published: 2026-03-28
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Code Execution via Buffer Overflow
Action: Patch Immediately
AI Analysis

Impact

A buffer overflow vulnerability exists in Yasr Screen Reader version 0.6.9-5. The flaw is triggered when an attacker supplies an oversized argument to the -p command‑line parameter. An attacker who can run the program locally may craft a payload containing junk data, shellcode, and a return address to overwrite the stack, causing the application to crash or allowing arbitrary code to be executed.

Affected Systems

The vulnerability affects only Yasr Screen Reader version 0.6.9-5. Systems running this build or earlier are at risk; newer releases are not documented as affected.

Risk and Exploitability

The CVSS score of 8.6 signifies a high severity issue. Because exploitation requires local execution and the vulnerability is not listed in CISA’s KEV catalog, exposure is limited to users who can run Yasr on the target machine. Nevertheless, once the local attacker supplies a malicious -p argument, they can achieve complete control of the application and potentially the underlying system.

Generated by OpenCVE AI on March 28, 2026 at 13:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest Yasr release (e.g., 0.6.9-6 or newer) from the vendor’s website or source repository
  • If an update is not immediately available, restrict execution of yasr to trusted users only by adjusting file permissions or user group membership
  • As a temporary workaround, remove or disable the -p command‑line option from the execution environment to prevent exploitation

Generated by OpenCVE AI on March 28, 2026 at 13:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 28 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Description Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to overwrite the stack and trigger code execution.
Title Yasr 0.6.9-5 Buffer Overflow via Command-line Parameter
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-28T11:58:03.126Z

Reserved: 2026-03-28T11:33:27.876Z

Link: CVE-2016-20041

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-28T12:15:59.860

Modified: 2026-03-28T12:15:59.860

Link: CVE-2016-20041

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-29T20:32:29Z

Weaknesses