Description
R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the Language for menus and messages field.
Published: 2026-04-12
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution
Action: Patch or Update
AI Analysis

Impact

R 3.4.4 for Windows XP SP3 contains a local buffer overflow in the GUI Preferences 'Language' field. An attacker who can input data into this field can craft a 292‑byte payload containing a JMP ESP instruction that causes the program to execute arbitrary code, such as launching calc.exe. The effect is a full compromise of the R process and the underlying OS on the affected machine.

Affected Systems

The affected product is the R Programming Language version 3.4.4 running on Windows XP Service Pack 3. Users running this specific version of R on that operating system are at risk of exploitation.

Risk and Exploitability

The vulnerability has a CVSS score of 8.6, indicating high severity. No EPSS score is available and it is not listed in the CISA KEV catalog. The attack vector is local; an attacker must have local access to paste the malicious string into the Preferences window. Once exploited, the attacker can execute any code with the privileges of the R process, potentially affecting confidentiality, integrity, and availability of the affected system.

Generated by OpenCVE AI on April 12, 2026 at 13:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install a later version of R that contains the buffer overflow fix. For example, upgrade to R 3.5 or newer released after 3.4.4.
  • If an upgrade is not possible, restrict usage of the R GUI Preferences field or lock down file access to the R installation to prevent a local user from injecting malicious data.
  • Consider removing legacy Windows XP SP3 systems from the network or migrating to an OS that still receives security updates for reduced exposure.

Generated by OpenCVE AI on April 12, 2026 at 13:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared R-project
R-project r
Vendors & Products R-project
R-project r

Mon, 13 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Sun, 12 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Description R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the Language for menus and messages field.
Title R 3.4.4 Local Buffer Overflow Windows XP SP3
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

R-project R
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-13T18:16:31.139Z

Reserved: 2026-04-05T15:34:46.394Z

Link: CVE-2019-25695

cve-icon Vulnrichment

Updated: 2026-04-13T15:51:11.031Z

cve-icon NVD

Status : Deferred

Published: 2026-04-12T13:16:32.443

Modified: 2026-04-15T15:00:32.790

Link: CVE-2019-25695

cve-icon Redhat

Severity : Important

Publid Date: 2026-04-12T12:28:47Z

Links: CVE-2019-25695 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:55:58Z

Weaknesses