osslsigncode

by Michał Trojnarav2.13

Last updated Jun 8, 2026

OpenSSL based Authenticode signing for PE/MSI/Java CAB files.

Install with winget

$ winget install --id MichalTrojnara.osslsigncode --exact --version 2.13

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

osslsigncode is a small tool that implements part of the functionality of the Microsoft tool signtool.exe

Installers · v2.13

Architecture	Type	Scope	Install	Download
x64	ZIP archive	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

5 known CVEs via NVD

medium5.5Patched in wingetCVE-2026-39856affects before 2.13Apr 9, 2026
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code (pe_page_hash_calc()). When processing PE sections for page hashi...
Patch Vendor advisory
medium5.5Patched in wingetCVE-2026-39855affects before 2.13Apr 9, 2026
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code (pe_page_hash_calc()). When page hash processing is performed on a...
Patch Vendor advisory
high7.8Patched in wingetCVE-2026-39853affects before 2.12Apr 9, 2026
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS#7 signature, the code copies the digest value from a p...
Patch Vendor advisory
critical9.8Patched in wingetCVE-2025-70888affects <=2.10Mar 25, 2026
An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component
high7.8Patched in wingetCVE-2023-36377affects v2.3Jul 3, 2023
Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files.

Source: NVD, updated 2h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

B
B4CKMichał Trojnara
B4CK.B4CKv1.0
The B4CK.net service allows for accessing selected internal TCP services over the Internet. The service employs proxy hosts to traverse firewalls and NAT (network address translation) routers.

Frequently asked questions

How do I install osslsigncode on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id MichalTrojnara.osslsigncode --exact --version 2.13. winget downloads the installer from Michał Trojnara and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install osslsigncode silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id MichalTrojnara.osslsigncode --exact 2.13 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall osslsigncode via winget?

Run: winget uninstall --id MichalTrojnara.osslsigncode --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from osslsigncode's Apps & Features entry.

Is osslsigncode free?

osslsigncode is distributed under GPL-3.0. Refer to the publisher (https://github.com/mtrojnar/osslsigncode) for the full license terms - Wingetly itself does not charge for installation.

Does osslsigncode work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls osslsigncode directly from the publisher.

How do I keep osslsigncode up to date?

Run winget upgrade --id MichalTrojnara.osslsigncode --exact, or winget upgrade --all to update everything winget tracks. We index 2 versions of osslsigncode from microsoft/winget-pkgs.

Recent versions

2.13latest
2.12