CVE-2025-34449

Publication date 19 December 2025

Last updated 19 December 2025

Ubuntu priority

Description

Genymobile/scrcpy versions up to and including 3.3.3 and prior to commit 3e40b24 contain a global buffer overflow vulnerability in the function sc_read32be, invoked via sc_device_msg_deserialize() and process_msgs(). Processing crafted device messages can cause reads beyond the bounds of a global buffer, leading to memory corruption or crashes. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
scrcpy	25.10 questing	Needs evaluation
	25.04 plucky	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2025-34449
https://github.com/Genymobile/scrcpy/commit/3e40b24
https://github.com/Genymobile/scrcpy/issues/6415
https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-003-scrcpy-global-buffer-overflow.md
https://www.vulncheck.com/advisories/genymobile-scrcpy-global-buffer-overflow