Hi,

I am the reporter/discoverer of CVE-2025-67125.

This issue has now been reported upstream and a proposed fix is available
here:
- Upstream issue: https://github.com/docopt/docopt.cpp/issues/167
- Proposed fix PR: https://github.com/docopt/docopt.cpp/pull/168
- Reproduction details / PoCs / logs:
https://gist.github.com/thesmartshadow/672afe8828844c833f46f8ebe2f5f3bd

The issue is a signed integer overflow in LeafPattern::match when merging occurrence counters.
In realistic host applications, attacker-controlled defaults (e.g. ENV/config/plugin-provided values) can set the counter seed to LONG_MAX, and the first user occurrence then triggers LONG_MAX + 1.

Tested vulnerable version:
- docopt.cpp 0.6.2

Regards,
Ali Firas

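An added C++ illustration of the bug class described in the report; it is not docopt.cpp's code nor the reporter's. `mergeOccurrenceCount` and `seedFromDefault` are hypothetical stand-ins for the counter merge and the untrusted default seeding mentioned above, showing how the overflow is detected before it happens.

```cpp
#include <climits>
#include <optional>
#include <string>

// Illustration of the bug class in the report: an occurrence counter is
// seeded from a default value and then incremented per matched occurrence.
// Names are hypothetical; this is not docopt.cpp's LeafPattern::match.

// Portable pre-check: would a + b overflow a signed long?
// Signed overflow is undefined behaviour, so the check must run before the add.
bool addWouldOverflow(long a, long b) {
    if (b > 0) return a > LONG_MAX - b;
    if (b < 0) return a < LONG_MIN - b;
    return false;
}

// Checked merge of an occurrence counter. Returns nullopt instead of
// computing LONG_MAX + 1 when the seed is already at the limit.
std::optional<long> mergeOccurrenceCount(long seed, long occurrences) {
    if (seed < 0 || occurrences < 0) return std::nullopt;     // counts are never negative
    if (addWouldOverflow(seed, occurrences)) return std::nullopt;
    return seed + occurrences;
}

// Parse a counter seed from an untrusted default (ENV/config/plugin string).
// Rejects non-numeric, negative and out-of-range values instead of trusting them.
std::optional<long> seedFromDefault(const std::string& text) {
    if (text.empty()) return std::nullopt;
    long value = 0;
    for (char c : text) {
        if (c < '0' || c > '9') return std::nullopt;          // digits only, no sign
        int digit = c - '0';
        // value * 10 + digit would exceed LONG_MAX: refuse rather than wrap.
        if (value > (LONG_MAX - digit) / 10) return std::nullopt;
        value = value * 10 + digit;
    }
    return value;
}
```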