| Name | CVE-2025-53964 |
| Description | GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| goldendict (PTS) | bullseye | 1.5.0~rc2+git20200409+ds-2 | vulnerable |
| bookworm | 1.5.0~rc2+git20221126+ds-1 | vulnerable |
| goldendict-ng (PTS) | sid, trixie | 25.06.0-2 | undetermined |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| goldendict | source | (unstable) | (unfixed) | | | |
| goldendict-ng | source | (unstable) | undetermined | | | |
Notes
https://github.com/tigr78/CVE-2025-53964
check more on details of vulnerability