Description
TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application, leveraging ROP gadgets to bypass protections and execute shellcode in the application context.
Published: 2026-03-28
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a stack‑based buffer overflow caused by inadequate boundary checks on user‑supplied input. It allows an attacker to execute arbitrary code within the TiEmu application context using crafted command‑line arguments. This weakness is described as CWE‑787, enabling a potential remote code execution scenario that compromises confidentiality, integrity, and availability of systems where the software runs.

Affected Systems

The affected product is TiEmu for the TI calculator platform, specifically version 2.08 and earlier releases. These versions accept command‑line arguments that are not properly validated.

Risk and Exploitability

The CVSS score of 9.3 indicates critical severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector involves supplying crafted arguments to TiEmu at launch, allowing an attacker to execute shellcode through ROP gadgets. Exploitation requires local access to the machine running TiEmu and the ability to invoke the program with malicious parameters.

Generated by OpenCVE AI on April 8, 2026 at 21:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade TiEmu to a version newer than 2.08 that contains the stack‑based buffer overflow patch.
  • If an update is unavailable, limit the use of TiEmu to trusted input sources and avoid launching it with unverified command‑line arguments.
  • Verify that any scripts or automated tasks invoking TiEmu validate argument lengths to prevent overflow.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ticalc:tiemu:*:*:*:*:*:*:*:*

Mon, 30 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 30 Mar 2026 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Ticalc
Ticalc tiemu
Vendors & Products Ticalc
Ticalc tiemu

Sat, 28 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Description TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application, leveraging ROP gadgets to bypass protections and execute shellcode in the application context.
Title TiEmu 2.08 Stack-Based Buffer Overflow Vulnerability
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T15:51:41.449Z

Reserved: 2026-03-28T11:42:36.850Z

Link: CVE-2017-20225

Vulnrichment

Updated: 2026-03-30T15:51:36.819Z

NVD

Status: Analyzed

Published: 2026-03-28T12:16:01.613

Modified: 2026-04-08T19:49:58.627

Link: CVE-2017-20225

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:29:32Z

Weaknesses