Search criteria
248 vulnerabilities
CVE-2025-13437 (GCVE-0-2025-13437)
Vulnerability from cvelistv5 – Published: 2025-11-20 16:25 – Updated: 2025-11-20 16:49
VLAI?
Summary
When zx is invoked with --prefer-local=<path>, the CLI creates a symlink named ./node_modules pointing to <path>/node_modules. Due to a logic error in src/cli.ts (linkNodeModules / cleanup), the function returns the target path instead of the alias (symlink path). The later cleanup routine removes what it received, which deletes the target directory itself. Result: zx can delete an external <path>/node_modules outside the current working directory.
Severity ?
CWE
- CWE-706 - Use of Incorrectly-Resolved Name or Reference
Assigner
References
Credits
Ali Firas
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13437",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T16:49:00.710619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T16:49:32.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "zx",
"repo": "https://github.com/google/zx",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "8.8.4",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ali Firas"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When zx is invoked with --prefer-local=\u0026lt;path\u0026gt;, the CLI creates a symlink named ./node_modules pointing to \u0026lt;path\u0026gt;/node_modules. Due to a logic error in src/cli.ts (linkNodeModules / cleanup), the function returns the target path instead of the alias (symlink path). The later cleanup routine removes what it received, which deletes the target directory itself. Result: zx can delete an external \u0026lt;path\u0026gt;/node_modules outside the current working directory.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "When zx is invoked with --prefer-local=\u003cpath\u003e, the CLI creates a symlink named ./node_modules pointing to \u003cpath\u003e/node_modules. Due to a logic error in src/cli.ts (linkNodeModules / cleanup), the function returns the target path instead of the alias (symlink path). The later cleanup routine removes what it received, which deletes the target directory itself. Result: zx can delete an external \u003cpath\u003e/node_modules outside the current working directory."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "CWE-706 Use of Incorrectly-Resolved Name or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T16:25:16.866Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/google/zx/issues/1348"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Arbitrary node_modules Directory Deletion in Google zx",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-13437",
"datePublished": "2025-11-20T16:25:16.866Z",
"dateReserved": "2025-11-19T19:03:28.234Z",
"dateUpdated": "2025-11-20T16:49:32.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13425 (GCVE-0-2025-13425)
Vulnerability from cvelistv5 – Published: 2025-11-20 15:30 – Updated: 2025-11-20 16:24
VLAI?
Summary
A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next() to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index out of range) and an application crash (denial of service) in OSV-SCALIBR.
Severity ?
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OSV-SCALIBR |
Affected:
< 0.3.4
|
Credits
Yuvraj Saxena
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13425",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T16:24:10.631487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T16:24:21.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OSV-SCALIBR",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "\u003c 0.3.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yuvraj Saxena"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next() to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index out of range) and an application crash (denial of service) in OSV-SCALIBR.\u003c/p\u003e"
}
],
"value": "A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next() to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index out of range) and an application crash (denial of service) in OSV-SCALIBR."
}
],
"impacts": [
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 1.9,
"baseSeverity": "LOW",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T15:30:31.256Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/google/osv-scalibr/commit/e67c4e198ca099cb7c16957a80f6c5331d90a672"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service in OSV-SCALIBR",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-13425",
"datePublished": "2025-11-20T15:30:31.256Z",
"dateReserved": "2025-11-19T16:07:19.171Z",
"dateUpdated": "2025-11-20T16:24:21.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12060 (GCVE-0-2025-12060)
Vulnerability from cvelistv5 – Published: 2025-10-30 17:10 – Updated: 2025-11-01 03:55
VLAI?
Summary
The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder. This vulnerability is linked to the underlying Python tarfile weakness, identified as CVE-2025-4517. Note that upgrading Python to one of the versions that fix CVE-2025-4517 (e.g. Python 3.13.4) is not enough. One additionally needs to upgrade Keras to a version with the fix (Keras 3.12).
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Credits
Krishna Gudimetla
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-01T03:55:52.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/keras-team/keras/",
"defaultStatus": "unaffected",
"packageName": "util",
"product": "Keras",
"programFiles": [
"get_file"
],
"vendor": "Keras",
"versions": [
{
"lessThanOrEqual": "3.11.3",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:keras:keras:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.11.3",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krishna Gudimetla"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The \u003ccode\u003ekeras.utils.get_file\u003c/code\u003e API in Keras, when used with the \u003ccode\u003eextract=True\u003c/code\u003e option for tar archives, is vulnerable to a path traversal attack. The utility uses Python\u0027s \u003ccode\u003etarfile.extractall\u003c/code\u003e function without the \u003ccode\u003efilter=\"data\"\u003c/code\u003e feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder. This vulnerability is linked to the underlying Python \u003ccode\u003etarfile\u003c/code\u003e weakness, identified as CVE-2025-4517.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNote that upgrading Python to one of the versions that fix CVE-2025-4517 (e.g. Python 3.13.4) is not enough. One additionally needs to upgrade Keras to a version with the fix (Keras 3.12).\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python\u0027s tarfile.extractall function without the filter=\"data\" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder. This vulnerability is linked to the underlying Python tarfile weakness, identified as CVE-2025-4517.\u00a0Note that upgrading Python to one of the versions that fix CVE-2025-4517 (e.g. Python 3.13.4) is not enough. One additionally needs to upgrade Keras to a version with the fix (Keras 3.12)."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T17:10:43.868Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/keras-team/keras/pull/21760"
},
{
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Keras keras.utils.get_file Utility Path Traversal Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-12060",
"datePublished": "2025-10-30T17:10:43.868Z",
"dateReserved": "2025-10-22T10:17:29.108Z",
"dateUpdated": "2025-11-01T03:55:52.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12058 (GCVE-0-2025-12058)
Vulnerability from cvelistv5 – Published: 2025-10-29 08:48 – Updated: 2025-10-29 14:11
VLAI?
Summary
The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF).
This vulnerability stems from the way the StringLookup layer is handled during model loading from a specially crafted .keras archive. The constructor for the StringLookup layer accepts a vocabulary argument that can specify a local file path or a remote file path.
* Arbitrary Local File Read: An attacker can create a malicious .keras file that embeds a local path in the StringLookup layer's configuration. When the model is loaded, Keras will attempt to read the content of the specified local file and incorporate it into the model state (e.g., retrievable via get_vocabulary()), allowing an attacker to read arbitrary local files on the hosting system.
* Server-Side Request Forgery (SSRF): Keras utilizes tf.io.gfile for file operations. Since tf.io.gfile supports remote filesystem handlers (such as GCS and HDFS) and HTTP/HTTPS protocols, the same mechanism can be leveraged to fetch content from arbitrary network endpoints on the server's behalf, resulting in an SSRF condition.
The security issue is that the feature allowing external path loading was not properly restricted by the safe_mode=True flag, which was intended to prevent such unintended data access.
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Credits
Jayashwa Singh Chauhan
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T14:07:04.803189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T14:11:03.027Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Keras",
"vendor": "Keras",
"versions": [
{
"lessThan": "3.12.0",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:keras:keras:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.12.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jayashwa Singh Chauhan"
}
],
"datePublic": "2025-10-17T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe \u003cb\u003e\u003ccode\u003eKeras.Model.load_model\u003c/code\u003e\u003c/b\u003e method, including when executed with the intended security mitigation \u003cb\u003e\u003ccode\u003esafe_mode=True\u003c/code\u003e\u003c/b\u003e, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF).\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis vulnerability stems from the way the \u003cb\u003e\u003ccode\u003eStringLookup\u003c/code\u003e\u003c/b\u003e layer is handled during model loading from a specially crafted \u003cb\u003e\u003ccode\u003e.keras\u003c/code\u003e\u003c/b\u003e archive. The constructor for the \u003ccode\u003eStringLookup\u003c/code\u003e layer accepts a \u003ccode\u003evocabulary\u003c/code\u003e argument that can specify a \u003cb\u003elocal file path\u003c/b\u003e or a \u003cb\u003eremote file path\u003c/b\u003e.\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cb\u003eArbitrary Local File Read:\u003c/b\u003e An attacker can create a malicious \u003ccode\u003e.keras\u003c/code\u003e file that embeds a local path in the \u003ccode\u003eStringLookup\u003c/code\u003e layer\u0027s configuration. When the model is loaded, Keras will attempt to read the content of the specified local file and incorporate it into the model state (e.g., retrievable via \u003ccode\u003eget_vocabulary()\u003c/code\u003e), allowing an attacker to \u003cb\u003eread arbitrary local files\u003c/b\u003e on the hosting system.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cb\u003eServer-Side Request Forgery (SSRF):\u003c/b\u003e Keras utilizes \u003cb\u003e\u003ccode\u003etf.io.gfile\u003c/code\u003e\u003c/b\u003e for file operations. Since \u003ccode\u003etf.io.gfile\u003c/code\u003e supports remote filesystem handlers (such as GCS and HDFS) and HTTP/HTTPS protocols, the same mechanism can be leveraged to fetch content from \u003cb\u003earbitrary network endpoints\u003c/b\u003e on the server\u0027s behalf, resulting in an SSRF condition.\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThe security issue is that the feature allowing external path loading was \u003cb\u003enot properly restricted\u003c/b\u003e by the \u003ccode\u003esafe_mode=True\u003c/code\u003e flag, which was intended to prevent such unintended data access.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF).\n\n\nThis vulnerability stems from the way the StringLookup layer is handled during model loading from a specially crafted .keras archive. The constructor for the StringLookup layer accepts a vocabulary argument that can specify a local file path or a remote file path.\n\n * Arbitrary Local File Read: An attacker can create a malicious .keras file that embeds a local path in the StringLookup layer\u0027s configuration. When the model is loaded, Keras will attempt to read the content of the specified local file and incorporate it into the model state (e.g., retrievable via get_vocabulary()), allowing an attacker to read arbitrary local files on the hosting system.\n\n\n * Server-Side Request Forgery (SSRF): Keras utilizes tf.io.gfile for file operations. Since tf.io.gfile supports remote filesystem handlers (such as GCS and HDFS) and HTTP/HTTPS protocols, the same mechanism can be leveraged to fetch content from arbitrary network endpoints on the server\u0027s behalf, resulting in an SSRF condition.\n\n\nThe security issue is that the feature allowing external path loading was not properly restricted by the safe_mode=True flag, which was intended to prevent such unintended data access."
}
],
"impacts": [
{
"capecId": "CAPEC-221",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-221 Data Serialization External Entities Blowup"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T08:48:29.689Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-qg93-c7p6-gg7f"
},
{
"url": "https://github.com/keras-team/keras/pull/21751"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-12058",
"datePublished": "2025-10-29T08:48:29.689Z",
"dateReserved": "2025-10-22T07:39:21.715Z",
"dateUpdated": "2025-10-29T14:11:03.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12080 (GCVE-0-2025-12080)
Vulnerability from cvelistv5 – Published: 2025-10-27 08:45 – Updated: 2025-10-27 15:53
VLAI?
Summary
On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application, the handling of ACTION_SENDTO intents utilizing the sms:, smsto:, mms:, and mmsto: Uniform Resource Identifier (URI) schemes is incorrectly implemented.
Due to this misconfiguration, an attacker capable of invoking an Android intent can exploit this vulnerability to send messages on the user’s behalf to arbitrary receivers without requiring any further user interaction or specific permissions. This allows for the silent and unauthorized transmission of messages from a compromised Wear OS device.
Severity ?
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
Credits
Gabriele Digregorio (Io_no)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12080",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:52:32.763396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:53:29.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WearOS",
"vendor": "Google",
"versions": [
{
"lessThan": "30-04-2025",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:wearos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "30-04-2025",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gabriele Digregorio (Io_no)"
}
],
"datePublic": "2025-10-22T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn \u003cb\u003eWear OS\u003c/b\u003e devices, when \u003cb\u003eGoogle Messages\u003c/b\u003e is configured as the default SMS/MMS/RCS application, the handling of \u003cb\u003e\u003ccode\u003eACTION_SENDTO\u003c/code\u003e\u003c/b\u003e intents utilizing the \u003ccode\u003esms:\u003c/code\u003e, \u003ccode\u003esmsto:\u003c/code\u003e, \u003ccode\u003emms:\u003c/code\u003e, and \u003ccode\u003emmsto:\u003c/code\u003e Uniform Resource Identifier (URI) schemes is \u003cb\u003eincorrectly implemented\u003c/b\u003e.\u003c/p\u003e\u003cp\u003eDue to this misconfiguration, an attacker capable of invoking an Android intent can exploit this vulnerability to \u003cb\u003esend messages on the user\u2019s behalf\u003c/b\u003e to \u003cb\u003earbitrary receivers\u003c/b\u003e without requiring any further \u003cb\u003euser interaction\u003c/b\u003e or specific \u003cb\u003epermissions\u003c/b\u003e. This allows for the \u003cb\u003esilent and unauthorized transmission of messages\u003c/b\u003e from a compromised Wear OS device.\u003c/p\u003e"
}
],
"value": "On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application, the handling of ACTION_SENDTO intents utilizing the sms:, smsto:, mms:, and mmsto: Uniform Resource Identifier (URI) schemes is incorrectly implemented.\n\nDue to this misconfiguration, an attacker capable of invoking an Android intent can exploit this vulnerability to send messages on the user\u2019s behalf to arbitrary receivers without requiring any further user interaction or specific permissions. This allows for the silent and unauthorized transmission of messages from a compromised Wear OS device."
}
],
"impacts": [
{
"capecId": "CAPEC-502",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-502 Intent Spoof"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T08:45:52.604Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://towerofhanoi.it/writeups/cve-2025-12080/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Intent Abuse in Google Messages for Wear OS for Silent Message Sending",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-12080",
"datePublished": "2025-10-27T08:45:52.604Z",
"dateReserved": "2025-10-22T15:24:43.272Z",
"dateUpdated": "2025-10-27T15:53:29.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62496 (GCVE-0-2025-62496)
Vulnerability from cvelistv5 – Published: 2025-10-16 15:52 – Updated: 2025-10-16 17:26
VLAI?
Summary
A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessively large number of digits.
The function calculates the necessary number of bits (n_bits) required to store the BigInt using the formula:
$$\text{n\_bits} = (\text{n\_digits} \times 27 + 7) / 8 \quad (\text{for radix 10})$$
* For large input strings (e.g., $79,536,432$ digits or more for base 10), the intermediate calculation $(\text{n\_digits} \times 27 + 7)$ exceeds the maximum value of a standard signed 32-bit integer, resulting in an Integer Overflow.
* The resulting n_bits value becomes unexpectedly small or even negative due to this wrap-around.
* This flawed n_bits is then used to compute n_limbs, the number of memory "limbs" needed for the BigInt object. Since n_bits is too small, the calculated n_limbs is also significantly underestimated.
* The function proceeds to allocate a JSBigInt object using this underestimated n_limbs.
* When the function later attempts to write the actual BigInt data into the allocated object, the small buffer size is quickly exceeded, leading to a Heap Out-of-Bounds Write as data is written past the end of the allocated r->tab array.
Severity ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
Credits
Google Big Sleep
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62496",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T17:26:14.998141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T17:26:25.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://bellard.org/quickjs/",
"defaultStatus": "unaffected",
"packageName": "js_bigint_from_string",
"product": "QuickJS",
"vendor": "QuickJS",
"versions": [
{
"lessThan": "2025-09-13",
"status": "affected",
"version": "2025-04-26",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
}
],
"datePublic": "2025-07-24T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability exists in the QuickJS engine\u0027s BigInt string parsing logic (\u003ccode\u003ejs_bigint_from_string\u003c/code\u003e) when attempting to create a BigInt from a string with an \u003cb\u003eexcessively large number of digits\u003c/b\u003e.\u003c/p\u003e\u003cp\u003eThe function calculates the necessary number of bits (\u003ccode\u003en_bits\u003c/code\u003e) required to store the BigInt using the formula:\u003c/p\u003e\u003cdiv\u003e$$\\text{n\\_bits} = (\\text{n\\_digits} \\times 27 + 7) / 8 \\quad (\\text{for radix 10})$$\u003c/div\u003e\u003col\u003e\u003cli\u003e\u003cp\u003eFor large input strings (e.g., $79,536,432$ digits or more for base 10), the intermediate calculation $(\\text{n\\_digits} \\times 27 + 7)$ exceeds the maximum value of a standard signed 32-bit integer, resulting in an \u003cb\u003eInteger Overflow\u003c/b\u003e.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eThe resulting \u003ccode\u003en_bits\u003c/code\u003e value becomes unexpectedly small or even \u003cb\u003enegative\u003c/b\u003e due to this wrap-around.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eThis flawed \u003ccode\u003en_bits\u003c/code\u003e is then used to compute \u003ccode\u003en_limbs\u003c/code\u003e, the number of memory \"limbs\" needed for the BigInt object. Since \u003ccode\u003en_bits\u003c/code\u003e is too small, the calculated \u003ccode\u003en_limbs\u003c/code\u003e is also \u003cb\u003esignificantly underestimated\u003c/b\u003e.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eThe function proceeds to allocate a \u003cb\u003e\u003ccode\u003eJSBigInt\u003c/code\u003e\u003c/b\u003e object using this underestimated \u003ccode\u003en_limbs\u003c/code\u003e.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eWhen the function later attempts to write the actual BigInt data into the allocated object, the small buffer size is quickly exceeded, leading to a \u003cb\u003eHeap Out-of-Bounds Write\u003c/b\u003e as data is written past the end of the allocated \u003ccode\u003er-\u0026gt;tab\u003c/code\u003e array.\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability exists in the QuickJS engine\u0027s BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessively large number of digits.\n\nThe function calculates the necessary number of bits (n_bits) required to store the BigInt using the formula:\n\n$$\\text{n\\_bits} = (\\text{n\\_digits} \\times 27 + 7) / 8 \\quad (\\text{for radix 10})$$\n\n * For large input strings (e.g., $79,536,432$ digits or more for base 10), the intermediate calculation $(\\text{n\\_digits} \\times 27 + 7)$ exceeds the maximum value of a standard signed 32-bit integer, resulting in an Integer Overflow.\n\n\n * The resulting n_bits value becomes unexpectedly small or even negative due to this wrap-around.\n\n\n * This flawed n_bits is then used to compute n_limbs, the number of memory \"limbs\" needed for the BigInt object. Since n_bits is too small, the calculated n_limbs is also significantly underestimated.\n\n\n * The function proceeds to allocate a JSBigInt object using this underestimated n_limbs.\n\n\n * When the function later attempts to write the actual BigInt data into the allocated object, the small buffer size is quickly exceeded, leading to a Heap Out-of-Bounds Write as data is written past the end of the allocated r-\u003etab array."
}
],
"impacts": [
{
"capecId": "CAPEC-175",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-175 Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T15:52:05.654Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://bellard.org/quickjs/Changelog"
},
{
"url": "https://issuetracker.google.com/434193016"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Integer overflow in js_bigint_from_string in QuickJS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-62496",
"datePublished": "2025-10-16T15:52:05.654Z",
"dateReserved": "2025-10-15T08:47:41.878Z",
"dateUpdated": "2025-10-16T17:26:25.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62495 (GCVE-0-2025-62495)
Vulnerability from cvelistv5 – Published: 2025-10-16 15:51 – Updated: 2025-10-16 17:42
VLAI?
Summary
An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size.
* The regular expression bytecode is stored in a DynBuf structure, which correctly uses a $\text{size}\_\text{t}$ (an unsigned type, typically 64-bit) for its size member.
* However, several functions, such as re_emit_op_u32 and other internal parsing routines, incorrectly cast or store this DynBuf $\text{size}\_\text{t}$ value into a signed int (typically 32-bit).
* When a large or complex regular expression (such as those generated by a recursive pattern in a Proof-of-Concept) causes the bytecode size to exceed $2^{31}$ bytes (the maximum positive value for a signed 32-bit integer), the size value wraps around, resulting in a negative integer when stored in the int variable (Integer Overflow).
* This negative value is subsequently used in offset calculations. For example, within functions like re_parse_disjunction, the negative size is used to compute an offset (pos) for patching a jump instruction.
* This negative offset is then incorrectly added to the buffer pointer (s->byte\_code.buf + pos), leading to an out-of-bounds write on the first line of the snippet below:
put_u32(s->byte_code.buf + pos, len);
Severity ?
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
Credits
Google Big Sleep
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62495",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T17:40:14.439633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T17:42:15.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://bellard.org/quickjs/",
"defaultStatus": "unaffected",
"packageName": "libregexp",
"product": "QuickJS",
"vendor": "QuickJS",
"versions": [
{
"lessThan": "2025-09-13",
"status": "affected",
"version": "2025-04-26",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
}
],
"datePublic": "2025-07-24T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn integer overflow vulnerability exists in the QuickJS regular expression engine (\u003ccode\u003elibregexp\u003c/code\u003e) due to an \u003cb\u003einconsistent representation of the bytecode buffer size\u003c/b\u003e.\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003eThe regular expression bytecode is stored in a \u003ccode\u003eDynBuf\u003c/code\u003e structure, which correctly uses a $\\text{size}\\_\\text{t}$ (an unsigned type, typically 64-bit) for its \u003ccode\u003esize\u003c/code\u003e member.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eHowever, several functions, such as \u003ccode\u003ere_emit_op_u32\u003c/code\u003e and other internal parsing routines, incorrectly cast or store this \u003ccode\u003eDynBuf\u003c/code\u003e $\\text{size}\\_\\text{t}$ value into a signed \u003cb\u003eint\u003c/b\u003e (typically 32-bit).\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eWhen a large or complex regular expression (such as those generated by a recursive pattern in a Proof-of-Concept) causes the bytecode size to exceed \u003cb\u003e$2^{31}$ bytes\u003c/b\u003e (the maximum positive value for a signed 32-bit integer), the size value wraps around, resulting in a \u003cb\u003enegative integer\u003c/b\u003e when stored in the \u003ccode\u003eint\u003c/code\u003e variable (Integer Overflow).\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eThis negative value is subsequently used in offset calculations. For example, within functions like \u003ccode\u003ere_parse_disjunction\u003c/code\u003e, the negative size is used to compute an offset (\u003ccode\u003epos\u003c/code\u003e) for patching a jump instruction.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eThis negative offset is then incorrectly added to the buffer pointer (\u003ccode\u003es-\u0026gt;byte\\_code.buf + pos\u003c/code\u003e), leading to an \u003cb\u003eout-of-bounds write\u003c/b\u003e on the first line of the snippet below:\u003c/p\u003e\u003cblockquote\u003e\u003cp\u003e\u003ccode\u003eput_u32(s-\u0026gt;byte_code.buf + pos, len);\u003c/code\u003e\u003c/p\u003e\u003c/blockquote\u003e\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size.\n\n * The regular expression bytecode is stored in a DynBuf structure, which correctly uses a $\\text{size}\\_\\text{t}$ (an unsigned type, typically 64-bit) for its size member.\n\n\n * However, several functions, such as re_emit_op_u32 and other internal parsing routines, incorrectly cast or store this DynBuf $\\text{size}\\_\\text{t}$ value into a signed int (typically 32-bit).\n\n\n * When a large or complex regular expression (such as those generated by a recursive pattern in a Proof-of-Concept) causes the bytecode size to exceed $2^{31}$ bytes (the maximum positive value for a signed 32-bit integer), the size value wraps around, resulting in a negative integer when stored in the int variable (Integer Overflow).\n\n\n * This negative value is subsequently used in offset calculations. For example, within functions like re_parse_disjunction, the negative size is used to compute an offset (pos) for patching a jump instruction.\n\n\n * This negative offset is then incorrectly added to the buffer pointer (s-\u003ebyte\\_code.buf + pos), leading to an out-of-bounds write on the first line of the snippet below:\n\nput_u32(s-\u003ebyte_code.buf + pos, len);"
}
],
"impacts": [
{
"capecId": "CAPEC-175",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-175 Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T15:51:58.953Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://bellard.org/quickjs/Changelog"
},
{
"url": "https://issuetracker.google.com/434196926"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Type confusion in string addition in QuickJS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-62495",
"datePublished": "2025-10-16T15:51:58.953Z",
"dateReserved": "2025-10-15T08:47:41.878Z",
"dateUpdated": "2025-10-16T17:42:15.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62494 (GCVE-0-2025-62494)
Vulnerability from cvelistv5 – Published: 2025-10-16 15:51 – Updated: 2025-10-16 17:46
VLAI?
Summary
A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine.
* The code first checks if the left-hand operand is a string.
* It then attempts to convert the right-hand operand to a primitive value using JS_ToPrimitiveFree. This conversion can trigger a callback (e.g., toString or valueOf).
* During this callback, an attacker can modify the type of the left-hand operand in memory, changing it from a string to a different type (e.g., an object or an array).
* The code then proceeds to call JS_ConcatStringInPlace, which still treats the modified left-hand value as a string.
This mismatch between the assumed type (string) and the actual type allows an attacker to control the data structure being processed by the concatenation logic, resulting in a type confusion condition. This can lead to out-of-bounds memory access, potentially resulting in memory corruption and arbitrary code execution in the context of the QuickJS runtime.
Severity ?
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Assigner
References
Credits
Google Big Sleep
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62494",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T17:46:18.542287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T17:46:39.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://bellard.org/quickjs/",
"defaultStatus": "unaffected",
"packageName": "JS_ConcatStringInPlace",
"product": "QuickJS",
"vendor": "QuickJS",
"versions": [
{
"lessThan": "2025-09-13",
"status": "affected",
"version": "2025-04-26",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
}
],
"datePublic": "2025-07-24T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA type confusion vulnerability exists in the handling of the \u003cb\u003estring addition (\u003ccode\u003e+\u003c/code\u003e) operation\u003c/b\u003e within the QuickJS engine.\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003eThe code first checks if the \u003cb\u003eleft-hand operand\u003c/b\u003e is a \u003cb\u003estring\u003c/b\u003e.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eIt then attempts to convert the \u003cb\u003eright-hand operand\u003c/b\u003e to a primitive value using \u003ccode\u003eJS_ToPrimitiveFree\u003c/code\u003e. This conversion can trigger a \u003cb\u003ecallback\u003c/b\u003e (e.g., \u003ccode\u003etoString\u003c/code\u003e or \u003ccode\u003evalueOf\u003c/code\u003e).\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eDuring this callback, an attacker can modify the \u003cb\u003etype\u003c/b\u003e of the \u003cb\u003eleft-hand operand\u003c/b\u003e in memory, changing it from a string to a different type (e.g., an object or an array).\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eThe code then proceeds to call \u003ccode\u003eJS_ConcatStringInPlace\u003c/code\u003e, which still treats the modified left-hand value as a string.\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThis mismatch between the assumed type (string) and the actual type allows an attacker to control the data structure being processed by the concatenation logic, resulting in a \u003cb\u003etype confusion condition\u003c/b\u003e. This can lead to out-of-bounds memory access, potentially resulting in \u003cb\u003ememory corruption\u003c/b\u003e and \u003cb\u003earbitrary code execution\u003c/b\u003e in the context of the QuickJS runtime.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine.\n\n * The code first checks if the left-hand operand is a string.\n\n\n * It then attempts to convert the right-hand operand to a primitive value using JS_ToPrimitiveFree. This conversion can trigger a callback (e.g., toString or valueOf).\n\n\n * During this callback, an attacker can modify the type of the left-hand operand in memory, changing it from a string to a different type (e.g., an object or an array).\n\n\n * The code then proceeds to call JS_ConcatStringInPlace, which still treats the modified left-hand value as a string.\n\n\nThis mismatch between the assumed type (string) and the actual type allows an attacker to control the data structure being processed by the concatenation logic, resulting in a type confusion condition. This can lead to out-of-bounds memory access, potentially resulting in memory corruption and arbitrary code execution in the context of the QuickJS runtime."
}
],
"impacts": [
{
"capecId": "CAPEC-175",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-175 Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704 Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T15:51:50.977Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://bellard.org/quickjs/Changelog"
},
{
"url": "https://issuetracker.google.com/434193023"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Type confusion in string addition in QuickJS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-62494",
"datePublished": "2025-10-16T15:51:50.977Z",
"dateReserved": "2025-10-15T08:47:41.878Z",
"dateUpdated": "2025-10-16T17:46:39.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62493 (GCVE-0-2025-62493)
Vulnerability from cvelistv5 – Published: 2025-10-16 15:51 – Updated: 2025-10-16 17:59
VLAI?
Summary
A vulnerability exists in the QuickJS engine's BigInt string conversion logic (js_bigint_to_string1) due to an incorrect calculation of the required number of digits, which in turn leads to reading memory past the allocated BigInt structure.
* The function determines the number of characters (n_digits) needed for the string representation by calculating:
$$ \\ \text{n\_digits} = (\text{n\_bits} + \text{log2\_radix} - 1) / \text{log2\_radix}$$
$$$$This formula is off-by-one in certain edge cases when calculating the necessary memory limbs. For instance, a 127-bit BigInt using radix 32 (where $\text{log2\_radix}=5$) is calculated to need $\text{n\_digits}=26$.
* The maximum number of bits actually stored is $\text{n\_bits}=127$, which requires only two 64-bit limbs ($\text{JS\_LIMB\_BITS}=64$).
* The conversion loop iterates $\text{n\_digits}=26$ times, attempting to read 5 bits in each iteration, totaling $26 \times 5 = 130$ bits.
* In the final iterations of the loop, the code attempts to read data that spans two limbs:
C
c = (r->tab[pos] >> shift) | (r->tab[pos + 1] << (JS_LIMB_BITS - shift));
* Since the BigInt was only allocated two limbs, the read operation for r->tab[pos + 1] becomes an Out-of-Bounds Read when pos points to the last valid limb (e.g., $pos=1$).
This vulnerability allows an attacker to cause the engine to read and process data from the memory immediately following the BigInt buffer. This can lead to Information Disclosure of sensitive data stored on the heap adjacent to the BigInt object.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Credits
Google Big Sleep
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62493",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T17:56:52.934146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T17:59:10.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://bellard.org/quickjs/",
"defaultStatus": "unaffected",
"packageName": "js_bigint_to_string1",
"product": "QuickJS",
"vendor": "QuickJS",
"versions": [
{
"lessThan": "2025-09-13",
"status": "affected",
"version": "2025-04-26",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
}
],
"datePublic": "2025-07-24T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability exists in the QuickJS engine\u0027s BigInt string conversion logic (\u003ccode\u003ejs_bigint_to_string1\u003c/code\u003e) due to an incorrect calculation of the required number of digits, which in turn leads to reading memory past the allocated BigInt structure.\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003eThe function determines the number of characters (\u003ccode\u003en_digits\u003c/code\u003e) needed for the string representation by calculating:\u003c/p\u003e\u003cdiv\u003e$$ \\\\ \\text{n\\_digits} = (\\text{n\\_bits} + \\text{log2\\_radix} - 1) / \\text{log2\\_radix}$$\u003c/div\u003e\u003cp\u003e$$$$This formula is \u003cb\u003eoff-by-one\u003c/b\u003e in certain edge cases when calculating the necessary memory limbs. For instance, a 127-bit BigInt using radix 32 (where $\\text{log2\\_radix}=5$) is calculated to need $\\text{n\\_digits}=26$.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eThe maximum number of bits actually stored is $\\text{n\\_bits}=127$, which requires only two 64-bit limbs ($\\text{JS\\_LIMB\\_BITS}=64$).\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eThe conversion loop iterates \u003cb\u003e$\\text{n\\_digits}=26$ times\u003c/b\u003e, attempting to read 5 bits in each iteration, totaling $26 \\times 5 = 130$ bits.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eIn the final iterations of the loop, the code attempts to read data that spans two limbs:\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003eC\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cpre\u003e\u003ccode\u003ec = (r-\u0026gt;tab[pos] \u0026gt;\u0026gt; shift) | (r-\u0026gt;tab[pos + 1] \u0026lt;\u0026lt; (JS_LIMB_BITS - shift));\n\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eSince the BigInt was only allocated two limbs, the read operation for \u003ccode\u003er-\u0026gt;tab[pos + 1]\u003c/code\u003e becomes an \u003cb\u003eOut-of-Bounds Read\u003c/b\u003e when \u003ccode\u003epos\u003c/code\u003e points to the last valid limb (e.g., $pos=1$).\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThis vulnerability allows an attacker to cause the engine to read and process data from the memory immediately following the BigInt buffer. This can lead to \u003cb\u003eInformation Disclosure\u003c/b\u003e of sensitive data stored on the heap adjacent to the BigInt object.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability exists in the QuickJS engine\u0027s BigInt string conversion logic (js_bigint_to_string1) due to an incorrect calculation of the required number of digits, which in turn leads to reading memory past the allocated BigInt structure.\n\n * The function determines the number of characters (n_digits) needed for the string representation by calculating:\n\n$$ \\\\ \\text{n\\_digits} = (\\text{n\\_bits} + \\text{log2\\_radix} - 1) / \\text{log2\\_radix}$$\n\n$$$$This formula is off-by-one in certain edge cases when calculating the necessary memory limbs. For instance, a 127-bit BigInt using radix 32 (where $\\text{log2\\_radix}=5$) is calculated to need $\\text{n\\_digits}=26$.\n\n\n * The maximum number of bits actually stored is $\\text{n\\_bits}=127$, which requires only two 64-bit limbs ($\\text{JS\\_LIMB\\_BITS}=64$).\n\n\n * The conversion loop iterates $\\text{n\\_digits}=26$ times, attempting to read 5 bits in each iteration, totaling $26 \\times 5 = 130$ bits.\n\n\n * In the final iterations of the loop, the code attempts to read data that spans two limbs:\n\nC\n\n\n\nc = (r-\u003etab[pos] \u003e\u003e shift) | (r-\u003etab[pos + 1] \u003c\u003c (JS_LIMB_BITS - shift));\n\n\n\n\n\n\n\n\n\n * Since the BigInt was only allocated two limbs, the read operation for r-\u003etab[pos + 1] becomes an Out-of-Bounds Read when pos points to the last valid limb (e.g., $pos=1$).\n\n\nThis vulnerability allows an attacker to cause the engine to read and process data from the memory immediately following the BigInt buffer. This can lead to Information Disclosure of sensitive data stored on the heap adjacent to the BigInt object."
}
],
"impacts": [
{
"capecId": "CAPEC-175",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-175 Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T15:51:42.952Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://bellard.org/quickjs/Changelog"
},
{
"url": "https://issuetracker.google.com/434193024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap out-of-bounds read in js_bigint_to_string1 in QuickJS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-62493",
"datePublished": "2025-10-16T15:51:42.952Z",
"dateReserved": "2025-10-15T08:47:41.878Z",
"dateUpdated": "2025-10-16T17:59:10.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62492 (GCVE-0-2025-62492)
Vulnerability from cvelistv5 – Published: 2025-10-16 15:51 – Updated: 2025-10-16 18:02
VLAI?
Summary
A vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS engine's implementation of TypedArray.prototype.indexOf() when a negative fromIndex argument is supplied.
* The fromIndex argument (read as a double variable, $d$) is used to calculate the starting position for the search.
* If d is negative, the index is calculated relative to the end of the array by adding the array's length (len) to d:
$$d_{new} = d + \text{len}$$
* Due to the inherent limitations of floating-point arithmetic, if the negative value $d$ is extremely small (e.g., $-1 \times 10^{-20}$), the addition $d + \text{len}$ can result in a loss of precision, yielding an outcome that is exactly equal to $\text{len}$.
* The result is then converted to an integer index $k$: $k = \text{len}$.
* The search function proceeds to read array elements starting from index $k$. Since valid indices are $0$ to $\text{len}-1$, starting the read at index $\text{len}$ is one element past the end of the array.
This allows an attacker to cause an Out-of-Bounds Read of one element immediately following the buffer. While the scope of this read is small (one element), it can potentially lead to Information Disclosure of adjacent memory contents, depending on the execution environment.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Credits
Google Big Sleep
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62492",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T18:01:27.698649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T18:02:02.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://bellard.org/quickjs/",
"defaultStatus": "unaffected",
"packageName": "js_typed_array_indexOf",
"product": "QuickJS",
"vendor": "QuickJS",
"versions": [
{
"lessThan": "2025-09-13",
"status": "affected",
"version": "2025-04-26",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
}
],
"datePublic": "2025-07-24T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS engine\u0027s implementation of \u003ccode\u003eTypedArray.prototype.indexOf()\u003c/code\u003e when a negative \u003cb\u003e\u003ccode\u003efromIndex\u003c/code\u003e\u003c/b\u003e argument is supplied.\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003eThe \u003ccode\u003efromIndex\u003c/code\u003e argument (read as a \u003ccode\u003edouble\u003c/code\u003e variable, $d$) is used to calculate the starting position for the search.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eIf d is negative, the index is calculated relative to the end of the array by adding the array\u0027s length (len) to d:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e$$d_{new} = d + \\text{len}$$\u003c/div\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eDue to the inherent limitations of \u003cb\u003efloating-point arithmetic\u003c/b\u003e, if the negative value $d$ is extremely small (e.g., $-1 \\times 10^{-20}$), the addition $d + \\text{len}$ can result in a loss of precision, yielding an outcome that is \u003cb\u003eexactly equal to $\\text{len}$\u003c/b\u003e.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eThe result is then converted to an integer index $k$: $k = \\text{len}$.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eThe search function proceeds to read array elements starting from index $k$. Since valid indices are $0$ to $\\text{len}-1$, starting the read at index $\\text{len}$ is \u003cb\u003eone element past the end of the array\u003c/b\u003e.\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003eThis allows an attacker to cause an \u003cb\u003eOut-of-Bounds Read\u003c/b\u003e of one element immediately following the buffer. While the scope of this read is small (one element), it can potentially lead to \u003cb\u003eInformation Disclosure\u003c/b\u003e of adjacent memory contents, depending on the execution environment.\u003cbr\u003e"
}
],
"value": "A vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS engine\u0027s implementation of TypedArray.prototype.indexOf() when a negative fromIndex argument is supplied.\n\n * The fromIndex argument (read as a double variable, $d$) is used to calculate the starting position for the search.\n\n\n * If d is negative, the index is calculated relative to the end of the array by adding the array\u0027s length (len) to d:\n\n\n\n$$d_{new} = d + \\text{len}$$\n\n\n * Due to the inherent limitations of floating-point arithmetic, if the negative value $d$ is extremely small (e.g., $-1 \\times 10^{-20}$), the addition $d + \\text{len}$ can result in a loss of precision, yielding an outcome that is exactly equal to $\\text{len}$.\n\n\n * The result is then converted to an integer index $k$: $k = \\text{len}$.\n\n\n * The search function proceeds to read array elements starting from index $k$. Since valid indices are $0$ to $\\text{len}-1$, starting the read at index $\\text{len}$ is one element past the end of the array.\n\n\nThis allows an attacker to cause an Out-of-Bounds Read of one element immediately following the buffer. While the scope of this read is small (one element), it can potentially lead to Information Disclosure of adjacent memory contents, depending on the execution environment."
}
],
"impacts": [
{
"capecId": "CAPEC-175",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-175 Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T15:51:34.445Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://bellard.org/quickjs/Changelog"
},
{
"url": "https://issuetracker.google.com/434194797"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap out-of-bounds read in js_typed_array_indexOf in QuickJS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-62492",
"datePublished": "2025-10-16T15:51:34.445Z",
"dateReserved": "2025-10-15T08:47:41.878Z",
"dateUpdated": "2025-10-16T18:02:02.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62491 (GCVE-0-2025-62491)
Vulnerability from cvelistv5 – Published: 2025-10-16 15:51 – Updated: 2025-10-16 18:04
VLAI?
Summary
A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejected promises (ts->rejected_promise_list).
* The function js_std_promise_rejection_check attempts to iterate over the rejected_promise_list to report unhandled rejections using a standard list loop.
* The reason for a promise rejection is processed inside the loop, including calling js_std_dump_error1(ctx, rp->reason).
* If the promise rejection reason is an Error object that defines a custom property getter (e.g., via Object.defineProperty), this getter is executed during the error dumping process.
* The malicious custom getter can execute JavaScript code that calls catch() on the same rejected promise being processed.
* Calling catch() internally triggers js_std_promise_rejection_tracker, which then removes and frees the current promise entry (JSRejectedPromiseEntry) from the rejected_promise_list.
* Since the list iteration continues using the now-freed memory pointer (el), the subsequent loop access results in a Use-After-Free condition.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
Credits
Google Big Sleep
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62491",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T18:03:58.190903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T18:04:16.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://bellard.org/quickjs/",
"defaultStatus": "unaffected",
"packageName": "js_std_promise_rejection_check",
"product": "QuickJS",
"vendor": "QuickJS",
"versions": [
{
"lessThan": "2025-09-13",
"status": "affected",
"version": "2025-04-26",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
}
],
"datePublic": "2025-07-24T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA \u003cb\u003eUse-After-Free (UAF)\u003c/b\u003e vulnerability exists in the QuickJS engine\u0027s standard library when iterating over the global list of unhandled rejected promises (\u003ccode\u003ets-\u0026gt;rejected_promise_list\u003c/code\u003e).\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003eThe function \u003cb\u003e\u003ccode\u003ejs_std_promise_rejection_check\u003c/code\u003e\u003c/b\u003e attempts to iterate over the \u003ccode\u003erejected_promise_list\u003c/code\u003e to report unhandled rejections using a standard list loop.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eThe \u003cb\u003ereason\u003c/b\u003e for a promise rejection is processed inside the loop, including calling \u003ccode\u003ejs_std_dump_error1(ctx, rp-\u0026gt;reason)\u003c/code\u003e.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eIf the promise \u003cb\u003erejection reason\u003c/b\u003e is an \u003cb\u003eError object\u003c/b\u003e that defines a custom property \u003cb\u003egetter\u003c/b\u003e (e.g., via \u003ccode\u003eObject.defineProperty\u003c/code\u003e), this getter is executed during the error dumping process.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eThe malicious custom getter can execute JavaScript code that calls \u003cb\u003e\u003ccode\u003ecatch()\u003c/code\u003e\u003c/b\u003e on the \u003ci\u003esame\u003c/i\u003e rejected promise being processed.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eCalling \u003ccode\u003ecatch()\u003c/code\u003e internally triggers \u003cb\u003e\u003ccode\u003ejs_std_promise_rejection_tracker\u003c/code\u003e\u003c/b\u003e, which then \u003cb\u003eremoves and frees\u003c/b\u003e the current promise entry (\u003ccode\u003eJSRejectedPromiseEntry\u003c/code\u003e) from the \u003ccode\u003erejected_promise_list\u003c/code\u003e.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eSince the list iteration continues using the now-freed memory pointer (\u003ccode\u003eel\u003c/code\u003e), the subsequent loop access results in a \u003cb\u003eUse-After-Free\u003c/b\u003e condition.\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "A Use-After-Free (UAF) vulnerability exists in the QuickJS engine\u0027s standard library when iterating over the global list of unhandled rejected promises (ts-\u003erejected_promise_list).\n\n * The function js_std_promise_rejection_check attempts to iterate over the rejected_promise_list to report unhandled rejections using a standard list loop.\n\n\n * The reason for a promise rejection is processed inside the loop, including calling js_std_dump_error1(ctx, rp-\u003ereason).\n\n\n * If the promise rejection reason is an Error object that defines a custom property getter (e.g., via Object.defineProperty), this getter is executed during the error dumping process.\n\n\n * The malicious custom getter can execute JavaScript code that calls catch() on the same rejected promise being processed.\n\n\n * Calling catch() internally triggers js_std_promise_rejection_tracker, which then removes and frees the current promise entry (JSRejectedPromiseEntry) from the rejected_promise_list.\n\n\n * Since the list iteration continues using the now-freed memory pointer (el), the subsequent loop access results in a Use-After-Free condition."
}
],
"impacts": [
{
"capecId": "CAPEC-175",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-175 Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T15:51:24.238Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://bellard.org/quickjs/Changelog"
},
{
"url": "https://issuetracker.google.com/434195203"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use-after-free in js_std_promise_rejection_check in QuickJS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-62491",
"datePublished": "2025-10-16T15:51:24.238Z",
"dateReserved": "2025-10-15T08:47:41.878Z",
"dateUpdated": "2025-10-16T18:04:16.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62490 (GCVE-0-2025-62490)
Vulnerability from cvelistv5 – Published: 2025-10-16 15:51 – Updated: 2025-10-16 18:08
VLAI?
Summary
In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during js_print_value, during which the array could get resized and len1 become out of bounds. This results in a use-after-free.A second instance occurs in the same function during printing of a map or set objects. The code iterates over ms->records list, but once again, elements could be removed from the list during js_print_value call.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
Credits
Google Big Sleep
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62490",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T18:07:46.371137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T18:08:20.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://bellard.org/quickjs/",
"defaultStatus": "unaffected",
"packageName": "js_print_object",
"product": "QuickJS",
"vendor": "QuickJS",
"versions": [
{
"lessThan": "2025-09-13",
"status": "affected",
"version": "2025-04-26",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
}
],
"datePublic": "2025-07-24T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn quickjs, in \u003c/span\u003e\u003ccode\u003ejs_print_object\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, when printing an array, the function first fetches the array length and then loops over it.\u0026nbsp;\u003c/span\u003eThe issue is, printing a value is not side-effect free. An attacker-defined callback could run during \u003ccode\u003ejs_print_value\u003c/code\u003e, during which the array could get resized and \u003ccode\u003elen1\u003c/code\u003e\u0026nbsp;become out of bounds. This results in a use-after-free.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cp\u003eA second instance occurs in the same function during printing of a map or set objects. The code iterates over \u003ccode\u003ems-\u0026gt;records\u003c/code\u003e\u0026nbsp;list, but once again, elements could be removed from the list during \u003ccode\u003ejs_print_value\u003c/code\u003e\u0026nbsp;call.\u003c/p\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it.\u00a0The issue is, printing a value is not side-effect free. An attacker-defined callback could run during js_print_value, during which the array could get resized and len1\u00a0become out of bounds. This results in a use-after-free.A second instance occurs in the same function during printing of a map or set objects. The code iterates over ms-\u003erecords\u00a0list, but once again, elements could be removed from the list during js_print_value\u00a0call."
}
],
"impacts": [
{
"capecId": "CAPEC-175",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-175 Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T15:51:06.100Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://bellard.org/quickjs/Changelog"
},
{
"url": "https://issuetracker.google.com/434196651"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use-after-free in js_print_object in QuickJS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-62490",
"datePublished": "2025-10-16T15:51:06.100Z",
"dateReserved": "2025-10-15T08:47:41.877Z",
"dateUpdated": "2025-10-16T18:08:20.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5009 (GCVE-0-2025-5009)
Vulnerability from cvelistv5 – Published: 2025-10-08 15:31 – Updated: 2025-10-08 15:56
VLAI?
Summary
In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire conversation via a sharable public link that contained the entire conversation history and not just the snippet.
Severity ?
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5009",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T15:55:49.577286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T15:56:00.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"iOS"
],
"product": "Gemini",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire conversation via a sharable public link that contained the entire conversation history and not just the snippet."
}
],
"value": "In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire conversation via a sharable public link that contained the entire conversation history and not just the snippet."
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 1,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T15:31:22.903Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://medium.com/@warisjeet31/google-gemini-ios-vulnerability-public-link-sharing-silently-leaks-entire-conversations-e1f80cbea25c"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure in Gemini iOS App",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-5009",
"datePublished": "2025-10-08T15:31:22.903Z",
"dateReserved": "2025-05-20T13:43:12.869Z",
"dateUpdated": "2025-10-08T15:56:00.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59734 (GCVE-0-2025-59734)
Vulnerability from cvelistv5 – Published: 2025-10-06 08:09 – Updated: 2025-10-19 14:51
VLAI?
Summary
It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion <2.
When a STOR chunk is present, a subsequent FOBJ chunk will be saved in ctx->stored_frame. Stored frames can later be referenced by FTCH chunks. For files using subversion < 2, the undecoded frame is stored, and decoded again when the FTCH chunks are parsed. However, in process_frame_obj if the frame has an invalid size, there’s an early return, with a value of 0.
This causes the code in decode_frame to still store the raw frame buffer into ctx->stored_frame. Leaving ctx->has_dimensions set to false.
A subsequent chunk with type FTCH would call process_ftch and decode that frame obj again, adding to the top/left values and calling process_frame_obj again.
Given that we never set ctx->have_dimensions before, this time we set the dimensions, calling init_buffers, which can reallocate the buffer in ctx->stored_frame, freeing the previous one. However, the GetByteContext object gb still holds a reference to the old buffer.
Finally, when the code tries to decode the frame, codecs that accept a GetByteContext as a parameter will trigger a use-after-free read when using gb.
GetByteContext is only used for reading bytes, so at most one could read invalid data. There are no heap allocations between the free and when the object is accessed. However, upon returning to process_ftch, the code restores the original values for top/left in stored_frame, writing 4 bytes to the freed data at offset 6, potentially corrupting the allocator’s metadata.
This issue can be triggered just by probing whether a file has the sanm format.
We recommend upgrading to version 8.0 or beyond.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
Credits
Google Big Sleep
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59734",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T03:55:14.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.ffmpeg.org/ffmpeg.git",
"defaultStatus": "unaffected",
"packageName": "SANM",
"product": "FFmpeg",
"repo": "https://git.ffmpeg.org/ffmpeg.git",
"vendor": "FFmpeg",
"versions": [
{
"lessThan": "8.0",
"status": "affected",
"version": "4d7c609be37dc57d31527c8c9e5945dc9491a7cd",
"versionType": "custom"
},
{
"lessThan": "8.0",
"status": "affected",
"version": "7.1.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
}
],
"datePublic": "2025-08-20T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIt is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion \u0026lt;2.\u003c/p\u003e\u003cp\u003eWhen a \u003ccode\u003eSTOR\u003c/code\u003e\u0026nbsp;chunk is present, a subsequent \u003ccode\u003eFOBJ\u003c/code\u003e\u0026nbsp;chunk will be saved in \u003ccode\u003ectx-\u0026gt;stored_frame\u003c/code\u003e. Stored frames can later be referenced by \u003ccode\u003eFTCH\u003c/code\u003e\u0026nbsp;chunks. For files using subversion \u0026lt; 2, the undecoded frame is stored, and decoded again when the \u003ccode\u003eFTCH\u003c/code\u003e\u0026nbsp;chunks are parsed.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHowever, in \u003c/span\u003e\u003ccode\u003eprocess_frame_obj\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;if the frame has an invalid size, there\u2019s an early return, with a value of 0.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis causes the code in \u003ccode\u003edecode_frame\u003c/code\u003e\u0026nbsp;to still store the raw frame buffer into \u003ccode\u003ectx-\u0026gt;stored_frame\u003c/code\u003e. Leaving \u003ccode\u003ectx-\u0026gt;has_dimensions\u003c/code\u003e\u0026nbsp;set to \u003ccode\u003efalse\u003c/code\u003e.\u003c/p\u003e\u003cp\u003eA subsequent chunk with type \u003ccode\u003eFTCH\u003c/code\u003e\u0026nbsp;would call \u003ccode\u003eprocess_ftch\u003c/code\u003e\u0026nbsp;and decode that frame obj again, adding to the top/left values and calling \u003ccode\u003eprocess_frame_obj\u003c/code\u003e\u0026nbsp;again.\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGiven that we never set \u003c/span\u003e\u003ccode\u003ectx-\u0026gt;have_dimensions\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;before, this time we set the dimensions, calling \u003c/span\u003e\u003ccode\u003einit_buffers\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, which can reallocate the buffer in \u003c/span\u003e\u003ccode\u003ectx-\u0026gt;stored_frame\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, freeing the previous one. However, the \u003c/span\u003e\u003ccode\u003eGetByteContext\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;object \u003c/span\u003e\u003ccode\u003egb\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;still holds a reference to the old buffer.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eFinally, when the code tries to decode the frame, codecs that accept a \u003ccode\u003eGetByteContext\u003c/code\u003e\u0026nbsp;as a parameter will trigger a use-after-free read when using \u003ccode\u003egb\u003c/code\u003e.\u003c/p\u003e\u003cp\u003e\u003ccode\u003eGetByteContext\u003c/code\u003e\u0026nbsp;is only used for reading bytes, so at most one could read invalid data. There are no heap allocations between the \u003ccode\u003efree\u003c/code\u003e\u0026nbsp;and when the object is accessed. However, upon returning to \u003ccode\u003eprocess_ftch\u003c/code\u003e, the code \u003cem\u003erestores\u003c/em\u003e\u0026nbsp;the original values for top/left in \u003ccode\u003estored_frame\u003c/code\u003e, writing 4 bytes to the freed data at offset 6, potentially corrupting the allocator\u2019s metadata.\u003c/p\u003e\u003cp\u003eThis issue can be triggered just by probing whether a file has the sanm format.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003eWe recommend upgrading to version 8.0 or beyond.\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion \u003c2.\n\nWhen a STOR\u00a0chunk is present, a subsequent FOBJ\u00a0chunk will be saved in ctx-\u003estored_frame. Stored frames can later be referenced by FTCH\u00a0chunks. For files using subversion \u003c 2, the undecoded frame is stored, and decoded again when the FTCH\u00a0chunks are parsed.\u00a0However, in process_frame_obj\u00a0if the frame has an invalid size, there\u2019s an early return, with a value of 0.\u00a0\n\nThis causes the code in decode_frame\u00a0to still store the raw frame buffer into ctx-\u003estored_frame. Leaving ctx-\u003ehas_dimensions\u00a0set to false.\n\nA subsequent chunk with type FTCH\u00a0would call process_ftch\u00a0and decode that frame obj again, adding to the top/left values and calling process_frame_obj\u00a0again.\nGiven that we never set ctx-\u003ehave_dimensions\u00a0before, this time we set the dimensions, calling init_buffers, which can reallocate the buffer in ctx-\u003estored_frame, freeing the previous one. However, the GetByteContext\u00a0object gb\u00a0still holds a reference to the old buffer.\n\n\n\n\nFinally, when the code tries to decode the frame, codecs that accept a GetByteContext\u00a0as a parameter will trigger a use-after-free read when using gb.\n\nGetByteContext\u00a0is only used for reading bytes, so at most one could read invalid data. There are no heap allocations between the free\u00a0and when the object is accessed. However, upon returning to process_ftch, the code restores\u00a0the original values for top/left in stored_frame, writing 4 bytes to the freed data at offset 6, potentially corrupting the allocator\u2019s metadata.\n\nThis issue can be triggered just by probing whether a file has the sanm format.\n\n\n\n\n\n\n\nWe recommend upgrading to version 8.0 or beyond."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-19T14:51:43.143Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://issuetracker.google.com/440183164"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap-buffer-overflow write in FFmpeg SANM process_ftch",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-59734",
"datePublished": "2025-10-06T08:09:44.280Z",
"dateReserved": "2025-09-19T08:11:37.550Z",
"dateUpdated": "2025-10-19T14:51:43.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59733 (GCVE-0-2025-59733)
Vulnerability from cvelistv5 – Published: 2025-10-06 08:09 – Updated: 2025-10-19 14:52
VLAI?
Summary
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type (and size), and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decode_header. The buffer td->uncompressed_data is allocated in decode_block based on the xsize, ysize and computed current_channel_offset.
The function dwa_uncompress then assumes at [5] that if there are 4 channels, these are "B", "G", "R" and "A", and in the calculations at [6] and [7] that all channels are of the same type, which matches the type of the main color channels.
If we set the main color channels to a 4-byte type and add duplicate or unknown channels of the 2-byte EXR_HALF type, then the addition at [7] will increment the pointer by 4-bytes * xsize * nb_channels, which will exceed the allocated buffer.
We recommend upgrading to version 8.0 or beyond.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
Credits
Google Big Sleep
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59733",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T03:55:13.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.ffmpeg.org/ffmpeg.git",
"defaultStatus": "unaffected",
"packageName": "EXR",
"product": "FFmpeg",
"repo": "https://git.ffmpeg.org/ffmpeg.git",
"vendor": "FFmpeg",
"versions": [
{
"lessThan": "8.0",
"status": "affected",
"version": "9a32b863074ed4140141e0d3613905c6f1fe61c5",
"versionType": "custom"
},
{
"lessThan": "8.0",
"status": "affected",
"version": "7.1.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
}
],
"datePublic": "2025-08-04T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen decoding an OpenEXR file that uses DWAA or DWAB compression, there\u0027s an implicit assumption that all image channels have the same pixel type (and size), and that if there are four channels, the first four are \u003c/span\u003e\u003ccode\u003e\"B\"\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, \u003c/span\u003e\u003ccode\u003e\"G\"\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, \u003c/span\u003e\u003ccode\u003e\"R\"\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and \u003c/span\u003e\u003ccode\u003e\"A\"\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. The channel parsing code can be found in \u003c/span\u003e\u003ccode\u003edecode_header.\u0026nbsp;\u003cp\u003eThe buffer \u003ccode\u003etd-\u0026gt;uncompressed_data\u003c/code\u003e\u0026nbsp;is allocated in \u003ccode\u003edecode_block\u003c/code\u003e\u0026nbsp;based on the \u003ccode\u003exsize\u003c/code\u003e, \u003ccode\u003eysize\u003c/code\u003e\u0026nbsp;and computed \u003ccode\u003ecurrent_channel_offset\u003c/code\u003e.\u003c/p\u003e\u003cp\u003eThe function \u003ccode\u003edwa_uncompress\u003c/code\u003e\u0026nbsp;then assumes at [5] that if there are 4 channels, these are \u003ccode\u003e\"B\"\u003c/code\u003e, \u003ccode\u003e\"G\"\u003c/code\u003e, \u003ccode\u003e\"R\"\u003c/code\u003e\u0026nbsp;and \u003ccode\u003e\"A\"\u003c/code\u003e, and in the calculations at [6] and [7] that all channels are of the same type, which matches the type of the main color channels.\u003c/p\u003e\u003cp\u003eIf we set the main color channels to a 4-byte type and add duplicate or unknown channels of the 2-byte \u003ccode\u003eEXR_HALF\u003c/code\u003e\u0026nbsp;type, then the addition at [7] will increment the pointer by \u003ccode\u003e4-bytes * xsize * nb_channels\u003c/code\u003e, which will exceed the allocated buffer.\u003c/p\u003e\u003c/code\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003eWe recommend upgrading to version 8.0 or beyond.\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "When decoding an OpenEXR file that uses DWAA or DWAB compression, there\u0027s an implicit assumption that all image channels have the same pixel type (and size), and that if there are four channels, the first four are \"B\", \"G\", \"R\"\u00a0and \"A\". The channel parsing code can be found in decode_header.\u00a0The buffer td-\u003euncompressed_data\u00a0is allocated in decode_block\u00a0based on the xsize, ysize\u00a0and computed current_channel_offset.\n\nThe function dwa_uncompress\u00a0then assumes at [5] that if there are 4 channels, these are \"B\", \"G\", \"R\"\u00a0and \"A\", and in the calculations at [6] and [7] that all channels are of the same type, which matches the type of the main color channels.\n\nIf we set the main color channels to a 4-byte type and add duplicate or unknown channels of the 2-byte EXR_HALF\u00a0type, then the addition at [7] will increment the pointer by 4-bytes * xsize * nb_channels, which will exceed the allocated buffer.\n\n\n\n\n\nWe recommend upgrading to version 8.0 or beyond."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-19T14:52:14.577Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://issuetracker.google.com/436511754"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-59733",
"datePublished": "2025-10-06T08:09:37.290Z",
"dateReserved": "2025-09-19T08:11:37.550Z",
"dateUpdated": "2025-10-19T14:52:14.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59732 (GCVE-0-2025-59732)
Vulnerability from cvelistv5 – Published: 2025-10-06 08:09 – Updated: 2025-10-19 14:52
VLAI?
Summary
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8.
If the height or width of the image is not divisible by 8, the copy loops at [0] and [1] will continue to write until the next multiple of 8.
The buffer td->uncompressed_data is allocated in decode_block based on the precise height and width of the image, so the "rounded-up" multiple of 8 in the copy loop can exceed the buffer bounds, and the write block starting at [2] can corrupt following heap memory.
We recommend upgrading to version 8.0 or beyond.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
Credits
Google Big Sleep
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59732",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T03:55:12.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.ffmpeg.org/ffmpeg.git",
"defaultStatus": "unaffected",
"packageName": "EXR",
"product": "FFmpeg",
"repo": "https://git.ffmpeg.org/ffmpeg.git",
"vendor": "FFmpeg",
"versions": [
{
"lessThan": "8.0",
"status": "affected",
"version": "9a32b863074ed4140141e0d3613905c6f1fe61c5",
"versionType": "custom"
},
{
"lessThan": "8.0",
"status": "affected",
"version": "7.1.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
}
],
"datePublic": "2025-08-04T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eWhen decoding an OpenEXR file that uses DWAA or DWAB compression, there\u0027s an implicit assumption that the height and width are divisible by 8.\u003c/p\u003e\u003cp\u003eIf the height or width of the image is not divisible by 8, the copy loops at [0] and [1] will continue to write until the next multiple of 8.\u003c/p\u003e\u003cp\u003eThe buffer \u003ccode\u003etd-\u0026gt;uncompressed_data\u003c/code\u003e\u0026nbsp;is allocated in \u003ccode\u003edecode_block\u003c/code\u003e\u0026nbsp;based on the precise height and width of the image, so the \"rounded-up\" multiple of 8 in the copy loop can exceed the buffer bounds, and the write block starting at [2] can corrupt following heap memory.\u003c/p\u003e\u003cp\u003e\u003c/p\u003eWe recommend upgrading to version 8.0 or beyond.\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "When decoding an OpenEXR file that uses DWAA or DWAB compression, there\u0027s an implicit assumption that the height and width are divisible by 8.\n\nIf the height or width of the image is not divisible by 8, the copy loops at [0] and [1] will continue to write until the next multiple of 8.\n\nThe buffer td-\u003euncompressed_data\u00a0is allocated in decode_block\u00a0based on the precise height and width of the image, so the \"rounded-up\" multiple of 8 in the copy loop can exceed the buffer bounds, and the write block starting at [2] can corrupt following heap memory.\n\n\n\nWe recommend upgrading to version 8.0 or beyond."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-19T14:52:36.920Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://issuetracker.google.com/436510316"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-59732",
"datePublished": "2025-10-06T08:09:31.276Z",
"dateReserved": "2025-09-19T08:11:37.550Z",
"dateUpdated": "2025-10-19T14:52:36.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59731 (GCVE-0-2025-59731)
Vulnerability from cvelistv5 – Published: 2025-10-06 08:09 – Updated: 2025-10-19 14:53
VLAI?
Summary
When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data.
We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer up to (td->xsize - 1) * (td->ysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size.
We recommend upgrading to version 8.0 or beyond.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
Credits
Google Big Sleep
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T03:55:11.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.ffmpeg.org/ffmpeg.git",
"defaultStatus": "unaffected",
"packageName": "EXR",
"product": "FFmpeg",
"repo": "https://git.ffmpeg.org/ffmpeg.git",
"vendor": "FFmpeg",
"versions": [
{
"lessThan": "8.0",
"status": "affected",
"version": "9a32b863074ed4140141e0d3613905c6f1fe61c5",
"versionType": "custom"
},
{
"lessThan": "8.0",
"status": "affected",
"version": "7.1.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
}
],
"datePublic": "2025-08-04T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eWhen decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data.\u003c/p\u003e\u003cp\u003eWe read \u003ccode\u003erle_raw_size\u003c/code\u003e\u0026nbsp;from the input file at [0], we decompress and decode into the buffer \u003ccode\u003etd-\u0026gt;rle_raw_data\u003c/code\u003e\u0026nbsp;of size \u003ccode\u003erle_raw_size\u003c/code\u003e\u0026nbsp;at [1], and then at [2] we will access entries in this buffer up to \u003ccode\u003e(td-\u0026gt;xsize - 1) * (td-\u0026gt;ysize - 1) + rle_raw_size / 2\u003c/code\u003e, which may exceed \u003ccode\u003erle_raw_size\u003c/code\u003e.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003eWe recommend upgrading to version 8.0 or beyond.\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data.\n\nWe read rle_raw_size\u00a0from the input file at [0], we decompress and decode into the buffer td-\u003erle_raw_data\u00a0of size rle_raw_size\u00a0at [1], and then at [2] we will access entries in this buffer up to (td-\u003exsize - 1) * (td-\u003eysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size.\n\n\n\n\nWe recommend upgrading to version 8.0 or beyond."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-19T14:53:00.719Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://issuetracker.google.com/436510153"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-59731",
"datePublished": "2025-10-06T08:09:23.410Z",
"dateReserved": "2025-09-19T08:11:37.550Z",
"dateUpdated": "2025-10-19T14:53:00.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59730 (GCVE-0-2025-59730)
Vulnerability from cvelistv5 – Published: 2025-10-06 08:09 – Updated: 2025-10-06 16:23
VLAI?
Summary
When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it.
Frames encoded with codec 48 can specify their resolution (width x height). A buffer of appropriate size is allocated depending on the resolution.
This codec can encode the frame contents using a run-length encoding algorithm. There are no checks that the decoded frame fits in the allocated buffer, leading to a heap-buffer-overflow.
process_frame_obj initializes the buffers based on the frame resolution:
We recommend upgrading to version 8.0 or beyond.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
Credits
Google Big Sleep
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T16:22:19.576410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T16:23:59.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.ffmpeg.org/ffmpeg.git",
"defaultStatus": "unaffected",
"packageName": "SANM",
"product": "FFmpeg",
"repo": "https://git.ffmpeg.org/ffmpeg.git",
"vendor": "FFmpeg",
"versions": [
{
"lessThan": "8.0",
"status": "affected",
"version": "829680f96a7a7ff02d1543895ec0fb713309d5c0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
}
],
"datePublic": "2025-07-27T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eWhen decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it.\u003c/p\u003e\u003cp\u003eFrames encoded with codec 48 can specify their resolution (width x height). A buffer of appropriate size is allocated depending on the resolution.\u003c/p\u003e\u003cp\u003eThis codec can encode the frame contents using a run-length encoding algorithm. There are no checks that the decoded frame fits in the allocated buffer, leading to a heap-buffer-overflow.\u003c/p\u003e\u003cp\u003e\u003ccode\u003eprocess_frame_obj\u003c/code\u003e\u0026nbsp;initializes the buffers based on the frame resolution:\u003c/p\u003e\u003cp\u003e\u003c/p\u003eWe recommend upgrading to version 8.0 or beyond.\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it.\n\nFrames encoded with codec 48 can specify their resolution (width x height). A buffer of appropriate size is allocated depending on the resolution.\n\nThis codec can encode the frame contents using a run-length encoding algorithm. There are no checks that the decoded frame fits in the allocated buffer, leading to a heap-buffer-overflow.\n\nprocess_frame_obj\u00a0initializes the buffers based on the frame resolution:\n\n\n\nWe recommend upgrading to version 8.0 or beyond."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T08:09:11.029Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://issuetracker.google.com/434637586"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap-buffer-overflow write in FFmpeg SANM decoding due to lack of bounds-checking in old_codec48",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-59730",
"datePublished": "2025-10-06T08:09:11.029Z",
"dateReserved": "2025-09-19T08:11:37.550Z",
"dateUpdated": "2025-10-06T16:23:59.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59729 (GCVE-0-2025-59729)
Vulnerability from cvelistv5 – Published: 2025-10-06 08:08 – Updated: 2025-10-06 16:28
VLAI?
Summary
When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer.
If we load a DHAV file that is larger than MAX_DURATION_BUFFER_SIZE bytes (0x100000) for example 0x101000 bytes, then at [0] we have size = 0x101000. At [1] we have end_buffer_size = 0x100000, and at [2] we have end_buffer_pos = 0x1000.
The loop then scans backwards through the buffer looking for the dhav tag; when it is found, we'll calculate end_pos based on a 32-bit offset read from the buffer.
There is subsequently a check [3] that end_pos is within the section of the file that has been copied into end_buffer, but it only correctly handles the cases where end_pos is before the start of the file or after the section copied into end_buffer, and not the case where end_pos is within the the file, but before the section copied into end_buffer. If we provide such an offset, (end_pos - end_buffer_pos) can underflow, resulting in the subsequent access at [4] occurring before the beginning of the allocation.
We recommend upgrading to version 8.0 or beyond.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
Credits
Google Big Sleep
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T16:25:07.013593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T16:28:37.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.ffmpeg.org/ffmpeg.git",
"defaultStatus": "unaffected",
"modules": [
"get_duration"
],
"packageName": "DHAV",
"product": "FFmpeg",
"repo": "https://git.ffmpeg.org/ffmpeg.git",
"vendor": "FFmpeg",
"versions": [
{
"lessThan": "8.0",
"status": "affected",
"version": "a218cafe4d3be005ab0c61130f90db4d21afb5db",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
}
],
"datePublic": "2025-07-21T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eWhen parsing the header for a DHAV file, there\u0027s an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer.\u003c/p\u003e\u003cp\u003eIf we load a DHAV file that is larger than \u003ccode\u003eMAX_DURATION_BUFFER_SIZE\u003c/code\u003e\u0026nbsp;bytes (\u003ccode\u003e0x100000\u003c/code\u003e) for example 0x101000 bytes, then at [0] we have \u003ccode\u003esize = 0x101000\u003c/code\u003e. At [1] we have \u003ccode\u003eend_buffer_size = 0x100000\u003c/code\u003e, and at [2] we have \u003ccode\u003eend_buffer_pos = 0x1000\u003c/code\u003e.\u003c/p\u003e\u003cp\u003eThe loop then scans backwards through the buffer looking for the \u003ccode\u003edhav\u003c/code\u003e\u0026nbsp;tag; when it is found, we\u0027ll calculate \u003ccode\u003eend_pos\u003c/code\u003e\u0026nbsp;based on a 32-bit offset read from the buffer.\u003c/p\u003e\u003cp\u003eThere is subsequently a check [3] that \u003ccode\u003eend_pos\u003c/code\u003e\u0026nbsp;is within the section of the file that has been copied into \u003ccode\u003eend_buffer\u003c/code\u003e, but it only correctly handles the cases where \u003ccode\u003eend_pos\u003c/code\u003e\u0026nbsp;is \u003cem\u003ebefore the start of the file\u003c/em\u003e\u0026nbsp;or \u003cem\u003eafter the section copied into \u003ccode\u003eend_buffer\u003c/code\u003e\u003c/em\u003e, and not the case where \u003ccode\u003eend_pos\u003c/code\u003e\u0026nbsp;is within the the file, but before the section copied into \u003ccode\u003eend_buffer\u003c/code\u003e. If we provide such an offset, \u003ccode\u003e(end_pos - end_buffer_pos)\u003c/code\u003e\u0026nbsp;can underflow, resulting in the subsequent access at [4] occurring before the beginning of the allocation.\u003c/p\u003eWe recommend upgrading to version 8.0 or beyond.\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "When parsing the header for a DHAV file, there\u0027s an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer.\n\nIf we load a DHAV file that is larger than MAX_DURATION_BUFFER_SIZE\u00a0bytes (0x100000) for example 0x101000 bytes, then at [0] we have size = 0x101000. At [1] we have end_buffer_size = 0x100000, and at [2] we have end_buffer_pos = 0x1000.\n\nThe loop then scans backwards through the buffer looking for the dhav\u00a0tag; when it is found, we\u0027ll calculate end_pos\u00a0based on a 32-bit offset read from the buffer.\n\nThere is subsequently a check [3] that end_pos\u00a0is within the section of the file that has been copied into end_buffer, but it only correctly handles the cases where end_pos\u00a0is before the start of the file\u00a0or after the section copied into end_buffer, and not the case where end_pos\u00a0is within the the file, but before the section copied into end_buffer. If we provide such an offset, (end_pos - end_buffer_pos)\u00a0can underflow, resulting in the subsequent access at [4] occurring before the beginning of the allocation.\n\nWe recommend upgrading to version 8.0 or beyond."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T08:08:46.060Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://issuetracker.google.com/433513232"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap-buffer-overflow read in FFmpeg DHAV get_duration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-59729",
"datePublished": "2025-10-06T08:08:46.060Z",
"dateReserved": "2025-09-19T08:11:37.549Z",
"dateUpdated": "2025-10-06T16:28:37.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59728 (GCVE-0-2025-59728)
Vulnerability from cvelistv5 – Published: 2025-10-06 08:08 – Updated: 2025-10-08 03:55
VLAI?
Summary
When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is not an empty string, it is assigned to root_url at [1].If the last (non-NUL) byte in this buffer is not '/' then we append '/' in-place at [2]. This will write two bytes into the buffer, starting at the last valid byte in the buffer, writing the NUL byte beyond the end of the allocated buffer.
We recommend upgrading to version 8.0 or beyond.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
Credits
Google Big Sleep
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59728",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T03:55:08.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.ffmpeg.org/ffmpeg.git",
"defaultStatus": "unaffected",
"product": "MPEG-DASH",
"repo": "https://git.ffmpeg.org/ffmpeg.git",
"vendor": "FFmpeg",
"versions": [
{
"lessThan": "8.0",
"status": "affected",
"version": "7.1.1",
"versionType": "semver"
},
{
"lessThan": "8.0",
"status": "affected",
"version": "a218cafe4d3be005ab0c61130f90db4d21afb5db",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
}
],
"datePublic": "2025-07-21T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWhen calculating the content path in handling of MPEG-DASH manifests, there\u0027s an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call \u003ccode\u003exmlNodeGetContent\u003c/code\u003e\u0026nbsp;below [0], it returns a buffer precisely allocated to match the string length, using \u003ccode\u003estrdup\u003c/code\u003e\u0026nbsp;internally. If this buffer is not an empty string, it is assigned to \u003ccode\u003eroot_url\u003c/code\u003e\u0026nbsp;at [1].If the last (non-NUL) byte in this buffer is not \u003ccode\u003e\u0027/\u0027\u003c/code\u003e\u0026nbsp;then we append \u003ccode\u003e\u0027/\u0027\u003c/code\u003e\u0026nbsp;in-place at [2]. This will write two bytes into the buffer, starting at the last valid byte in the buffer, writing the NUL byte beyond the end of the allocated buffer.\u003cbr\u003eWe recommend upgrading to version 8.0 or beyond.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "When calculating the content path in handling of MPEG-DASH manifests, there\u0027s an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent\u00a0below [0], it returns a buffer precisely allocated to match the string length, using strdup\u00a0internally. If this buffer is not an empty string, it is assigned to root_url\u00a0at [1].If the last (non-NUL) byte in this buffer is not \u0027/\u0027\u00a0then we append \u0027/\u0027\u00a0in-place at [2]. This will write two bytes into the buffer, starting at the last valid byte in the buffer, writing the NUL byte beyond the end of the allocated buffer.\nWe recommend upgrading to version 8.0 or beyond."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T08:08:27.410Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://issuetracker.google.com/433502298"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap-buffer-overflow write in FFmpeg MDASH resolve_content_path",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-59728",
"datePublished": "2025-10-06T08:08:27.410Z",
"dateReserved": "2025-09-19T08:11:37.549Z",
"dateUpdated": "2025-10-08T03:55:08.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9905 (GCVE-0-2025-9905)
Vulnerability from cvelistv5 – Published: 2025-09-19 08:16 – Updated: 2025-09-20 03:55
VLAI?
Summary
The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True.
One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.
This is achieved by crafting a special .h5 archive file that uses the Lambda layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True option is not honored when reading .h5 archives.
Note that the .h5/.hdf5 format is a legacy format supported by Keras 3 for backwards compatibility.
Severity ?
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Keras-team | Keras |
Affected:
3.0.0 , ≤ 3.11.2
(semver)
|
Credits
Gabriele Digregorio
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-20T03:55:40.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/keras-team/keras",
"defaultStatus": "unaffected",
"packageName": "keras",
"product": "Keras",
"repo": "https://github.com/keras-team/keras",
"vendor": "Keras-team",
"versions": [
{
"lessThanOrEqual": "3.11.2",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gabriele Digregorio"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Keras \u003ccode\u003eModel.load_model\u003c/code\u003e\u0026nbsp;method can be exploited to achieve arbitrary code execution, even with \u003ccode\u003esafe_mode=True\u003c/code\u003e.\u003c/p\u003e\u003cp\u003eOne can create a specially crafted \u003ccode\u003e.h5\u003c/code\u003e/\u003ccode\u003e.hdf5\u003c/code\u003e\u0026nbsp;model archive that, when loaded via \u003ccode\u003eModel.load_model\u003c/code\u003e, will trigger arbitrary code to be executed.\u003c/p\u003e\u003cp\u003eThis is achieved by crafting a special \u003ccode\u003e.h5\u003c/code\u003e\u0026nbsp;archive file that uses the \u003ccode\u003eLambda\u003c/code\u003e\u0026nbsp;layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the \u003ccode\u003esafe_mode=True\u003c/code\u003e\u0026nbsp;option is not honored when reading \u003ccode\u003e.h5\u003c/code\u003e\u0026nbsp;archives.\u003c/p\u003e\u003cp\u003eNote that the \u003ccode\u003e.h5\u003c/code\u003e/\u003ccode\u003e.hdf5\u003c/code\u003e\u0026nbsp;format is a legacy format supported by Keras 3 for backwards compatibility.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "The Keras Model.load_model\u00a0method can be exploited to achieve arbitrary code execution, even with safe_mode=True.\n\nOne can create a specially crafted .h5/.hdf5\u00a0model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.\n\nThis is achieved by crafting a special .h5\u00a0archive file that uses the Lambda\u00a0layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True\u00a0option is not honored when reading .h5\u00a0archives.\n\nNote that the .h5/.hdf5\u00a0format is a legacy format supported by Keras 3 for backwards compatibility."
}
],
"impacts": [
{
"capecId": "CAPEC-175",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-175 Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T08:16:44.772Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/keras-team/keras/pull/21602"
},
{
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitary Code execution in Keras load_model()",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-9905",
"datePublished": "2025-09-19T08:16:44.772Z",
"dateReserved": "2025-09-03T07:27:18.212Z",
"dateUpdated": "2025-09-20T03:55:40.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9906 (GCVE-0-2025-9906)
Vulnerability from cvelistv5 – Published: 2025-09-19 08:15 – Updated: 2025-09-20 03:55
VLAI?
Summary
The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True.
One can create a specially crafted .keras model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed. This is achieved by crafting a special config.json (a file within the .keras archive) that will invoke keras.config.enable_unsafe_deserialization() to disable safe mode. Once safe mode is disable, one can use the Lambda layer feature of keras, which allows arbitrary Python code in the form of pickled code. Both can appear in the same archive. Simply the keras.config.enable_unsafe_deserialization() needs to appear first in the archive and the Lambda with arbitrary code needs to be second.
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Keras-team | Keras |
Affected:
3.0.0 , < 3.11.0
(semver)
|
Credits
Gabriele Digregorio
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-20T03:55:41.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Keras",
"repo": "https://github.com/keras-team/keras",
"vendor": "Keras-team",
"versions": [
{
"lessThan": "3.11.0",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gabriele Digregorio"
}
],
"datePublic": "2025-06-29T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Keras \u003ccode\u003eModel.load_model\u003c/code\u003e\u0026nbsp;method can be exploited to achieve arbitrary code execution, even with \u003ccode\u003esafe_mode=True\u003c/code\u003e.\u003c/p\u003e\u003cp\u003eOne can create a specially crafted \u003ccode\u003e.keras\u003c/code\u003e\u0026nbsp;model archive that, when loaded via \u003ccode\u003eModel.load_model\u003c/code\u003e, will trigger arbitrary code to be executed. This is achieved by crafting a special \u003ccode\u003econfig.json\u003c/code\u003e\u0026nbsp;(a file within the \u003ccode\u003e.keras\u003c/code\u003e\u0026nbsp;archive) that will invoke \u003ccode\u003ekeras.config.enable_unsafe_deserialization()\u003c/code\u003e\u0026nbsp;to disable safe mode. Once safe mode is disable, one can use the \u003ccode\u003eLambda\u003c/code\u003e\u0026nbsp;layer feature of keras, which allows arbitrary Python code in the form of pickled code. Both can appear in the same archive. Simply the \u003ccode\u003ekeras.config.enable_unsafe_deserialization()\u003c/code\u003e\u0026nbsp;needs to appear first in the archive and the \u003ccode\u003eLambda\u003c/code\u003e\u0026nbsp;with arbitrary code needs to be second.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "The Keras Model.load_model\u00a0method can be exploited to achieve arbitrary code execution, even with safe_mode=True.\n\nOne can create a specially crafted .keras\u00a0model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed. This is achieved by crafting a special config.json\u00a0(a file within the .keras\u00a0archive) that will invoke keras.config.enable_unsafe_deserialization()\u00a0to disable safe mode. Once safe mode is disable, one can use the Lambda\u00a0layer feature of keras, which allows arbitrary Python code in the form of pickled code. Both can appear in the same archive. Simply the keras.config.enable_unsafe_deserialization()\u00a0needs to appear first in the archive and the Lambda\u00a0with arbitrary code needs to be second."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T08:15:04.349Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/keras-team/keras/pull/21429"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Arbitrary Code execution in Keras Safe Mode",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-9906",
"datePublished": "2025-09-19T08:15:04.349Z",
"dateReserved": "2025-09-03T07:27:23.895Z",
"dateUpdated": "2025-09-20T03:55:41.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9951 (GCVE-0-2025-9951)
Vulnerability from cvelistv5 – Published: 2025-09-09 13:54 – Updated: 2025-09-10 03:56
VLAI?
Summary
A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9951",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T03:56:06.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FFmpeg",
"vendor": "FFmpeg",
"versions": [
{
"status": "affected",
"version": "\u003c 8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000."
}
],
"value": "A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T13:54:08.497Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote code execution via Heap Buffer Overflow in FFmpeg JPEG2000",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-9951",
"datePublished": "2025-09-09T13:54:08.497Z",
"dateReserved": "2025-09-03T13:48:20.280Z",
"dateUpdated": "2025-09-10T03:56:06.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7709 (GCVE-0-2025-7709)
Vulnerability from cvelistv5 – Published: 2025-09-08 14:51 – Updated: 2025-11-18 23:03
VLAI?
Summary
An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.
Severity ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7709",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T15:10:09.336882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T15:10:31.923Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-18T23:03:59.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/06/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/11/18/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FTS5",
"vendor": "SQLite",
"versions": [
{
"status": "affected",
"version": "3.49.1 \u003c 3.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn integer overflow exists in the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://sqlite.org/fts5.html\"\u003eFTS5\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An integer overflow exists in the FTS5 https://sqlite.org/fts5.html \u00a0extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds."
}
],
"impacts": [
{
"capecId": "CAPEC-92",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-92 Forced Integer Overflow"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T14:51:49.065Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-hv3g"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out Of Bounds write in FTS5 Extension in SQLite",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-7709",
"datePublished": "2025-09-08T14:51:49.065Z",
"dateReserved": "2025-07-16T13:30:35.186Z",
"dateUpdated": "2025-11-18T23:03:59.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8747 (GCVE-0-2025-8747)
Vulnerability from cvelistv5 – Published: 2025-08-11 07:21 – Updated: 2025-08-15 03:55
VLAI?
Summary
A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive.
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
JFrog Security Research Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8747",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T03:55:47.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Keras",
"repo": "https://github.com/keras-team/keras",
"vendor": "Google",
"versions": [
{
"lessThanOrEqual": "3.10.0",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "JFrog Security Research Team"
}
],
"datePublic": "2025-06-14T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive."
}
],
"value": "A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T07:21:16.619Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/keras-team/keras/pull/21429"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to a version of Keras with the fix implemented (version 3.11.0 or newer)."
}
],
"value": "Upgrade to a version of Keras with the fix implemented (version 3.11.0 or newer)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Keras safe_mode bypass allows arbitrary code execution when loading a malicious model.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-8747",
"datePublished": "2025-08-11T07:21:16.619Z",
"dateReserved": "2025-08-08T09:37:17.811Z",
"dateUpdated": "2025-08-15T03:55:47.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8192 (GCVE-0-2025-8192)
Vulnerability from cvelistv5 – Published: 2025-07-31 08:24 – Updated: 2025-07-31 13:20
VLAI?
Summary
There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Intent to change the target component’s state, thus bypass the original security sanitize function.
Severity ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
Credits
Qidan He
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:20:05.260633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T13:20:16.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cs.android.com/android/platform/superproject/main/+/main:packages/apps/TvSettings/Settings/src/com/android/tv/",
"defaultStatus": "unaffected",
"product": "TV",
"programFiles": [
"packages/apps/TvSettings/Settings/src/com/android/tv/settings/users/AppRestrictionsFragment.java"
],
"vendor": "Android",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Qidan He"
}
],
"datePublic": "2025-06-10T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings\u2019 context, i.e. system-uid context, thus lead to launchAnyWhere. T\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ehe core idea is to utilize the time window between the check of Intent and the use to Intent to change the target component\u2019s state, thus bypass the original security sanitize function.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings\u2019 context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Intent to change the target component\u2019s state, thus bypass the original security sanitize function."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T08:24:26.612Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://defcon.org/html/defcon-33/dc-33-speakers.html#content_60309"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Race condition in AndroidTV TvSettings",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-8192",
"datePublished": "2025-07-31T08:24:26.612Z",
"dateReserved": "2025-07-25T08:57:20.782Z",
"dateUpdated": "2025-07-31T13:20:16.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7458 (GCVE-0-2025-7458)
Vulnerability from cvelistv5 – Published: 2025-07-29 12:43 – Updated: 2025-07-29 13:30
VLAI?
Summary
An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.
Severity ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
Credits
sec.r1nd0@gmail.com
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7458",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T13:30:48.382207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T13:30:52.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SQLite",
"vendor": "SQLite",
"versions": [
{
"lessThan": "3.41.2",
"status": "affected",
"version": "3.39.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "sec.r1nd0@gmail.com"
}
],
"datePublic": "2023-03-16T17:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An integer overflow in the \u003ccode\u003esqlite3KeyInfoFromExprList\u003c/code\u003e function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause."
}
],
"value": "An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause."
}
],
"impacts": [
{
"capecId": "CAPEC-92",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-92 Forced Integer Overflow"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T12:43:19.427Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://sqlite.org/forum/forumpost/16ce2bb7a639e29b"
},
{
"tags": [
"patch"
],
"url": "https://sqlite.org/src/info/12ad822d9b827777"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to SQLite version 3.41.2 or newer."
}
],
"value": "Upgrade to SQLite version 3.41.2 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQLite integer overflow in key info allocation may lead to information disclosure.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-7458",
"datePublished": "2025-07-29T12:43:19.427Z",
"dateReserved": "2025-07-11T10:05:23.293Z",
"dateUpdated": "2025-07-29T13:30:52.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6965 (GCVE-0-2025-6965)
Vulnerability from cvelistv5 – Published: 2025-07-15 13:44 – Updated: 2025-11-04 21:14
VLAI?
Summary
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
Severity ?
CWE
- CWE-197 - Numeric Truncation Error
Assigner
References
Credits
Vlad Stolyarov of Google's Threat Analysis Group, with assistance from Google Big Sleep
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-15T13:55:28.325825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T13:55:46.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:14:51.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/57"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/56"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/53"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/58"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/49"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/06/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.sqlite.org/src",
"defaultStatus": "unaffected",
"packageName": "expr.c",
"product": "SQLite",
"programFiles": [
"expr.c"
],
"vendor": "SQLite",
"versions": [
{
"lessThan": "3.50.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vlad Stolyarov of Google\u0027s Threat Analysis Group, with assistance from Google Big Sleep"
}
],
"datePublic": "2025-06-27T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above."
}
],
"value": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above."
}
],
"impacts": [
{
"capecId": "CAPEC-679",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-197",
"description": "CWE-197: Numeric Truncation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T13:44:00.784Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Integer Truncation on SQLite",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-6965",
"datePublished": "2025-07-15T13:44:00.784Z",
"dateReserved": "2025-07-01T09:19:04.750Z",
"dateUpdated": "2025-11-04T21:14:51.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7021 (GCVE-0-2025-7021)
Vulnerability from cvelistv5 – Published: 2025-07-10 19:09 – Updated: 2025-07-10 20:29
VLAI?
Summary
Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with overlaid fake browser controls and a distracting element (like a cookie consent screen) to obscure fullscreen notifications, tricking the user into interacting with the malicious site.
Severity ?
CWE
- CWE-451 - : User Interface (UI) Misrepresentation of Critical Information
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7021",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T20:24:13.567962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T20:29:32.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Operator",
"vendor": "OpenAI",
"versions": [
{
"status": "affected",
"version": "SaaS"
}
]
}
],
"datePublic": "2025-06-13T13:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with overlaid fake browser controls and a distracting element (like a cookie consent screen) to obscure fullscreen notifications, tricking the user into interacting with the malicious site.\u003cbr\u003e"
}
],
"value": "Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with overlaid fake browser controls and a distracting element (like a cookie consent screen) to obscure fullscreen notifications, tricking the user into interacting with the malicious site."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 : User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T19:09:40.590Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/google/security-research/security/advisories/GHSA-mmgx-755h-wr74"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenAI Operator - API Spoofing through Locking Operator on FullScreen",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-7021",
"datePublished": "2025-07-10T19:09:40.590Z",
"dateReserved": "2025-07-02T12:44:54.941Z",
"dateUpdated": "2025-07-10T20:29:32.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5981 (GCVE-0-2025-5981)
Vulnerability from cvelistv5 – Published: 2025-06-18 08:28 – Updated: 2025-06-18 13:42
VLAI?
Summary
Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.
Severity ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osv-scalibr |
Affected:
0.1.3 , < 0.1.8
(semver)
|
Credits
Anthony Weems of Google's Cloud Vulnerability Research team
Simon Scannell of Google's Cloud Vulnerability Research team
Stefan Schiller of Google's Cloud Vulnerability Research team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5981",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T13:42:36.658295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T13:42:49.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/google/osv-scalibr",
"defaultStatus": "unaffected",
"packageName": "osv-scalibr",
"product": "osv-scalibr",
"programFiles": [
"artifact/image/layerscanning/image/image.go"
],
"vendor": "Google",
"versions": [
{
"lessThan": "0.1.8",
"status": "affected",
"version": "0.1.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anthony Weems of Google\u0027s Cloud Vulnerability Research team"
},
{
"lang": "en",
"type": "finder",
"value": "Simon Scannell of Google\u0027s Cloud Vulnerability Research team"
},
{
"lang": "en",
"type": "finder",
"value": "Stefan Schiller of Google\u0027s Cloud Vulnerability Research team"
}
],
"datePublic": "2025-04-24T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eArbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR\u0027s \u003c/span\u003e\u003ccode\u003eunpack()\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;function for container images. Particularly, when using the CLI flag \u003c/span\u003e\u003ccode\u003e--remote-image\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;on untrusted container images.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR\u0027s unpack()\u00a0function for container images. Particularly, when using the CLI flag --remote-image\u00a0on untrusted container images."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T08:28:02.899Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/google/osv-scalibr/releases/tag/v0.1.8"
},
{
"url": "https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary File write in OSV-SCALIBR",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-5981",
"datePublished": "2025-06-18T08:28:02.899Z",
"dateReserved": "2025-06-10T12:31:04.353Z",
"dateUpdated": "2025-06-18T13:42:49.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}