zer0matt/CVE-2025-60751

GitHub: zer0matt/CVE-2025-60751

# CVE-2025-60751

PoC for CVE-2025-60751

Affected product: [Geographiclib](https://github.com/geographiclib/geographiclib) <= v2.5.1

The full writeup article is available at [https://zer0matt.blogspot.com/2026/05/cve-2025-60751-geographiclib-stack.html](https://zer0matt.blogspot.com/2026/05/cve-2025-60751-geographiclib-stack.html)

### Description

A stack buffer overflow occurs when GeoConvert receives a crafted input. The overflow occurs because the program does not properly validate an internal index, allowing an out-of-bounds write on the stack. An attacker can exploit this vulnerability to hijack the program's control flow by overwriting a return address to point to a libc function (ret2libc) and execute arbitrary code using a ROP chain.

### Usage

```
[~] python3 CVE-2025-60751.py
[*] '/home/matt/geographiclib/tools/GeoConvert'
    Arch:       amd64-64-little
    RELRO:      Partial RELRO
    Stack:      No canary found
    NX:         NX enabled
    PIE:        PIE enabled
    FORTIFY:    Enabled
    ASAN:       Enabled
    Stripped:   No
    Debuginfo:  Yes
[+] Starting local process '/home/matt/geographiclib/tools/GeoConvert': pid 398391
[*] Switching to interactive mode
ERROR: Column letter A not in UPS band A set JKLPQRSTUXYZ
$
```

### Notes

Remember to fix the addresses accordingly in order to build your own ROP chain; addresses can vary due to memory defense techniques such as ASLR.
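
The root cause named in the Description (an index derived from input and used for a stack write without validation) is shown here as an added illustration of the bug class and its fix. This is not GeographicLib's code and not part of this repository; the function names, `SLOTS` and the letter sets are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define SLOTS 8 /* hypothetical size of the fixed stack table */

/* Position of c in set, or -1 when c is not a member. */
static int lookup(const char *set, char c) {
    const char *p = (c != '\0') ? strchr(set, c) : NULL;
    return p ? (int)(p - set) : -1;
}

/* Unsafe pattern, shown for contrast and never called: the derived index
 * is trusted, so -1 or anything >= SLOTS writes outside table[]. */
int tally_unchecked(const char *set, const char *input) {
    int table[SLOTS] = {0};
    for (const char *s = input; *s; ++s)
        table[lookup(set, *s)]++;
    return table[0];
}

/* Hardened form: every derived index is range-checked before the write.
 * Returns the largest per-slot count, or -1 if any character is rejected. */
int tally_checked(const char *set, const char *input) {
    int table[SLOTS] = {0};
    int best = 0;
    if (set == NULL || input == NULL)
        return -1;
    for (const char *s = input; *s; ++s) {
        int idx = lookup(set, *s);
        if (idx < 0 || idx >= SLOTS) /* covers "not found" and oversized sets */
            return -1;
        if (++table[idx] > best)
            best = table[idx];
    }
    return best;
}
```

The check rejects both failure modes of a lookup-derived index: the "not found" sentinel and a set that is longer than the table it indexes.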