CVE-2025-59050

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-59050
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-59050.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-59050
Related
  • GHSA-8f7f-x7ww-xx5w
Published
2025-09-16T17:15:41Z
Modified
2025-09-18T04:48:34.488663Z
Summary
[none]
Details

Greenshot is an open source Windows screenshot utility. Greenshot 1.3.300 and earlier deserializes attacker-controlled data received in a WM_COPYDATA message using BinaryFormatter.Deserialize without prior validation or authentication, allowing a local process at the same integrity level to trigger arbitrary code execution inside the Greenshot process. The vulnerable logic resides in a WinForms WndProc handler for WM_COPYDATA (message 74) that copies the supplied bytes into a MemoryStream and invokes BinaryFormatter.Deserialize, and only afterward checks whether the specified channel is authorized. Because the authorization check occurs after deserialization, any gadget chain embedded in the serialized payload executes regardless of channel membership. A local attacker who can send WM_COPYDATA to the Greenshot main window can achieve in-process code execution, which may aid evasion of application control policies by running payloads within the trusted, signed Greenshot.exe process. This issue is fixed in version 1.3.301. No known workarounds exist.

References

Affected packages

Git / github.com/greenshot/greenshot

Affected ranges

Type
GIT
Repo
https://github.com/greenshot/greenshot
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Greenshot-RELEASE-1.*

Greenshot-RELEASE-1.2.10.6
Greenshot-RELEASE-1.2.8.12
Greenshot-RELEASE-1.2.8.14
Greenshot-RELEASE-1.2.9.104
Greenshot-RELEASE-1.2.9.112
Greenshot-RELEASE-1.2.9.129

Other

bug/546-admin-install

v1.*

v1.3.105
v1.3.106
v1.3.108
v1.3.151
v1.3.154
v1.3.157
v1.3.178
v1.3.194
v1.3.201
v1.3.202
v1.3.203
v1.3.204
v1.3.205
v1.3.211
v1.3.213
v1.3.218
v1.3.219
v1.3.220
v1.3.223
v1.3.229
v1.3.231
v1.3.234
v1.3.235
v1.3.238
v1.3.239
v1.3.244
v1.3.246
v1.3.249
v1.3.254
v1.3.256
v1.3.258
v1.3.259
v1.3.260
v1.3.261
v1.3.262
v1.3.265
v1.3.270
v1.3.273
v1.3.274
v1.3.275
v1.3.277
v1.3.281
v1.3.284
v1.3.286
v1.3.287
v1.3.288
v1.3.289
v1.3.290
v1.3.291
v1.3.292
v1.3.293
v1.3.294
v1.3.296
v1.3.297
v1.3.298
v1.3.299
v1.3.300
v1.3.55
v1.3.57
v1.3.63
v1.3.69
v1.3.71
v1.3.75
v1.3.76