Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
R on Windows: Malicious Code Can Bypass Security Protections
CVE-2019-25485
Summary
A security issue in R on Windows allows an attacker on the same computer to execute malicious code with the same privileges as the R program. This can happen if an attacker manipulates the language settings in the R program's Preferences menu. Update to the latest version of R to fix this issue.
Original title
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a cra...
Original description
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler chain pivot and execute arbitrary shellcode with application privileges.
nvd CVSS3.1
6.2
nvd CVSS4.0
6.9
Vulnerability type
CWE-787
Out-of-bounds Write
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026