Description
RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.
Published: 2026-04-12
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Arbitrary Code Execution
Action: Apply Patch
AI Analysis

Impact

A stack‑based buffer overflow has been discovered in the Preferences dialog of RGui version 3.5.0. The flaw allows a local attacker who can manipulate the "Language for menus and messages" field to overwrite the stack, use a return‑oriented programming chain to allocate executable memory, and ultimately execute arbitrary code. The weakness is a classic buffer overflow that defeats DEP protections via structured exception handling exploitation.

Affected Systems

The vulnerability affects only the Windows 32‑bit or 64‑bit executable of RGui 3.5.0 distributed by the R‑Project. Earlier or later releases of RGui are not impacted.

Risk and Exploitability

The CVSS base score of 8.6 signals a high‑severity issue. No EPSS value is reported, and the vulnerability is not catalogued in the CISA KEV list. Because the exploit requires local access to the RGui application, the attack vector is local; however, once successfully exploited the adversary can take arbitrary code execution on the affected system, posing a severe risk to confidentiality, integrity, and availability. The lack of a KEV listing and unavailable EPSS score do not undercut the immediate threat posed by the high CVSS score and the potential for local code compromise.

Generated by OpenCVE AI on April 12, 2026 at 13:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest RGui release from the R‑Project website, which removes the vulnerable code.
  • If an update cannot be applied, limit or revoke local user access to the RGui executable or uninstall the application entirely to prevent exploitation.
  • Continuously monitor system logs for anomalous RGui activity and keep other system components patched to reduce the overall attack surface.

Generated by OpenCVE AI on April 12, 2026 at 13:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared R-project
R-project rgui
Vendors & Products R-project
R-project rgui

Sun, 12 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Description RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.
Title RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass
Weaknesses CWE-434
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

R-project Rgui
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-13T18:06:18.442Z

Reserved: 2026-04-12T12:13:36.489Z

Link: CVE-2018-25258

cve-icon Vulnrichment

Updated: 2026-04-13T17:58:12.327Z

cve-icon NVD

Status : Deferred

Published: 2026-04-12T13:16:31.740

Modified: 2026-04-15T15:00:32.790

Link: CVE-2018-25258

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:56:02Z

Weaknesses