ZIP
WinGet
osslsigncode
Michał Trojnara · 2.12 · x64
Before deploying, verify this file with VirusTotal ↗
Silent Commands
Distributed as a ZIP archive — extract the contents and run the executable directly. No installer is included.
File Identity
Filename
osslsigncode-2.12-windows-x64-mingw.zip
Signature
Status
Upload installer to verify signature
Installer Selection
WinGet Package
Package ID
MichalTrojnara.osslsigncode
Version
2.12
Description
OpenSSL based Authenticode signing for PE/MSI/Java CAB files.
License
GPL-3.0
↗
Installer URL
https://github.com/mtrojnar/osslsigncode/releases/download/2.12/osslsigncode-2.12-windows-x64-mingw.zip
Upgrade Behavior
uninstallprevious(Uninstall previous first)
Release Notes
2.12 (2026.02.02)
CRITICAL SECURITY VULNERABILITY
This release fixes a critical memory corruption vulnerability. A malicious
attacker could create a signed file, which, when verified with osslsigncode,
triggers arbitrary code execution. Any previous version of osslsigncode should
be immediately upgraded if the tool is used for verification of untrusted
files.
- fixed a buffer overflow while extracting message digests
(reported and fixed by Antoni Klajn, Opera)