CVE-2025-9809

CVSS 8.4 HIGHEPSS 0.4%CWE-787

Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-size buffer.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

libretro · libretro-common

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/libretro/libretro-common/blob/master/formats/cdfs/cdfs.c#L471 https://github.com/libretro/libretro-common/issues/222