HIGH
Gpsd Project
CVE published 2026-01-02
CVE-2025-67269
CVE-2025-67269 is an integer underflow vulnerability in the `nextstate()` function of gpsd, a GPS service daemon. The vulnerability occurs when parsing a NAVCOM packet, where the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MA [truncated]