Is codechecker affected by CVE-2025-40843?

PyPI codechecker is affected in <6.26.2.

Is CVE-2025-40843 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

high

CVE-2025-40843

Q: Is CVE-2025-40843 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

PyPI · codechecker

Summary

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue af

Severity: high
EPSS: 0.2% (p5)
Also known as: GHSA-5xf2-f6ch-6p8r, PYSEC-2025-100
Published: 2025-10-28

References

https://github.com/Ericsson/codechecker/security/advisories/GHSA-5xf2-f6ch-6p8r

Related advisories

CVE-2026-25660 — critical · PyPI/codechecker
CVE-2024-53829 — high · PyPI/codechecker
CVE-2025-1300 — medium · PyPI/codechecker

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.