TopVuln

High-risk vulnerability digests

CVE-2017-20227

Severity: CRITICAL

Details

CVSS v3: 9.8
CVSS v4: 9.3
NVD published: 2026-03-28 12:16:01
Affected versions: JAD Java Decompiler 1.5.8e-1kali1 and prior
Summary
This is an additional critical stack-based buffer overflow vulnerability in older versions of the JAD Java Decompiler. The flaw exists in the handling of input passed to the jad command line. Attackers can exploit this flaw to gain arbitrary code execution with the privileges of the current user account.
Remediation
The affected software is end-of-life and no official patch has been released. Organizations should remove the affected JAD binary from all systems and replace it with a maintained alternative. Restrict local user access to any legacy systems that retain the unpatched software.
Exploit info
No public exploit found yet.


Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.