CVE-2025-34449
Published: Dec 18, 2025
Modified: Mar 23, 2026
PUBLISHED
Description
Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the sc_device_msg_deserialize() function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-service condition. This vulnerability may allow further exploitation on the host system.
| Vendor | Product | Versions |
|---|---|---|
| Genymobile | scrcpy | affected: 0 - <= 3.3.3; unaffected: 3e40b2473772cea3a23d4932088fd0bc4cc0f52c |
Weaknesses (CWE)
References
https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-003-scrcpy-global-buffer-overflow.md (technical-description, exploit)
https://github.com/Genymobile/scrcpy/issues/6415 (issue-tracking)
https://www.vulncheck.com/advisories/genymobile-scrcpy-global-buffer-overflow (third-party-advisory)