Notepad++ remediates four security flaws

Target Industry

Indiscriminate, opportunistic targeting.

Overview

Notepad++ version 8.5.7 has been released, remediating four buffer overflow zero-day flaws, one of which could result in code execution if a target user is led into opening a specially crafted file. The security flaws are summarised below:

  • CVE-2023-40031 (CVSSv3 score: 7.8): Heap buffer write overflow in `Utf8_16_Read::convert`
  • CVE-2023-40036 (CVSSv3 score: 5.5): Global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`
  • CVE-2023-40164 (CVSSv3 score: 5.5): Global buffer read overflow in `nsCodingStateMachine::NextState`
  • CVE-2023-40166 (CVSSv3 score: 5.5): Heap buffer read overflow in `FileManager::detectLanguageFromTextBegining`

Proof of concept (PoC) exploits have been released for these vulnerabilities and, as such, it is critical that users apply the relevant updates as soon as possible.

Impact

Successful exploitation of these vulnerabilities could allow threat actors to achieve arbitrary code execution or leak internal memory allocation data from target systems, compromising the integrity of data.

Vulnerability Detection

Notepad++ has released a security patch for these vulnerabilities. As such, previous versions are vulnerable to potential exploitation.

Affected Products

Notepad++ versions 8.5.6 and prior.

Containment, Mitigations & Remediations

It is strongly recommended that users apply the Notepad++ version 8.5.7 security patch as soon as possible.
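The bulletin states that versions 8.5.6 and prior are affected and that 8.5.7 remediates all four CVEs. The following script, added here as an illustration and not part of the bulletin or the Notepad++ project, turns that statement into a fleet check: it parses version strings (for example the `DisplayVersion` value of the Notepad++ uninstall registry key, or a version banner), compares them against 8.5.7, and reports which hosts still have the four CVEs open. The uninstall registry key paths are an assumption about the installer and should be verified on your own build; the host inventory in the example is constructed sample data.

```python
"""Flag Notepad++ installations that predate the 8.5.7 security patch.

Added example, not from the bulletin or the Notepad++ project. It relies only on
the bulletin's facts: versions 8.5.6 and prior are affected, 8.5.7 remediates
CVE-2023-40031, CVE-2023-40036, CVE-2023-40164 and CVE-2023-40166.
"""
import re

FIXED_VERSION = (8, 5, 7)
CVES = ("CVE-2023-40031", "CVE-2023-40036", "CVE-2023-40164", "CVE-2023-40166")


def parse_version(text: str) -> tuple:
    """Extract a dotted version such as '8.5.6' from a registry DisplayVersion
    value or a banner such as 'Notepad++ v8.5.7'. Missing minor/patch
    components are treated as 0. Raises ValueError if no version is present."""
    match = re.search(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    # Compare as integer tuples so that 8.5.10 correctly sorts after 8.5.7.
    return tuple(int(part) if part else 0 for part in match.groups())


def is_vulnerable(version: str) -> bool:
    """True when the installed version is older than the 8.5.7 fix."""
    return parse_version(version) < FIXED_VERSION


def assess(inventory: dict) -> dict:
    """Map {hostname: version string} to {hostname: [open CVEs]}.

    An empty list means the host is at or above the patched version."""
    return {host: (list(CVES) if is_vulnerable(ver) else [])
            for host, ver in inventory.items()}


def installed_version_windows():
    """Read DisplayVersion from the Notepad++ uninstall key on the local
    Windows host. Returns None on non-Windows systems or when not installed.

    The key names below are an assumption about the Notepad++ installer;
    confirm them against your own deployment before relying on this."""
    try:
        import winreg
    except ImportError:
        return None
    candidates = (
        r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++",
        r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++",
    )
    for path in candidates:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                return winreg.QueryValueEx(key, "DisplayVersion")[0]
        except OSError:
            continue
    return None


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample_inventory = {
        "ws-finance-01": "8.5.6",
        "ws-finance-02": "8.5.7",
        "ws-dev-07": "Notepad++ v7.9.5",
        "ws-dev-08": "8.5.10",
    }
    for host, open_cves in assess(sample_inventory).items():
        status = "PATCH REQUIRED: " + ", ".join(open_cves) if open_cves else "ok"
        print(f"{host:15} {status}")

    local = installed_version_windows()
    if local is not None:
        print(f"local host: {local} -> {'vulnerable' if is_vulnerable(local) else 'ok'}")
```

Feed `assess()` whatever your endpoint management tool exports for the Notepad++ `DisplayVersion` value; the comparison is tuple based, so a later 8.5.x release such as 8.5.10 is correctly reported as patched.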

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Threat Landscape

Notepad++ holds a significant share of the text editor market. Given that threat actors generally weigh both the probability of success and asset value when deciding which attack surfaces to focus on, Notepad++ could emerge as a prime target. Because Notepad++ is integral to many personal and business operations, threat actors will continue to exploit vulnerabilities in the associated products in an attempt to exfiltrate the sensitive data contained therein.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

Tactic:

TA0002 – Execution

Further Information

Notepad++ Patch Details


An Intelligence Terminology Yardstick showing the likelihood of events