Search criteria
4 vulnerabilities by libretro
CVE-2025-9809 (GCVE-0-2025-9809)
Vulnerability from cvelistv5 – Published: 2025-09-01 18:38 – Updated: 2025-09-03 20:29
VLAI?
Summary
Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-size buffer.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| libretro | libretro-common |
Affected:
0
|
Credits
Simcha Kosman
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T20:29:10.518670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T20:29:21.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"cdfs_open_cue_track"
],
"product": "libretro-common",
"programFiles": [
"libretro-common/formats/cdfs/cdfs.c"
],
"vendor": "libretro",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Simcha Kosman"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds write in \u003ccode\u003ecdfs_open_cue_track\u003c/code\u003e in libretro \u003ccode\u003elibretro-common\u003c/code\u003e latest on all platforms allows remote attackers to execute arbitrary code via a crafted \u003ccode\u003e.cue\u003c/code\u003e file with a file path exceeding \u003ccode\u003ePATH_MAX_LENGTH\u003c/code\u003e that is copied using \u003ccode\u003ememcpy\u003c/code\u003e into a fixed-size buffer."
}
],
"value": "Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-size buffer."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T18:38:22.165Z",
"orgId": "96148269-fe82-4198-b1bf-3a73ce8bc92e",
"shortName": "CyberArk"
},
"references": [
{
"url": "https://github.com/libretro/libretro-common/blob/master/formats/cdfs/cdfs.c#L471"
},
{
"url": "https://github.com/libretro/libretro-common/issues/222"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Limit memcpy size to PATH_MAX_LENGTH-1 when copying file paths, ensure explicit NUL-termination, and validate lengths before copy; update to a version including the fix once available.\n\n\u003cbr\u003e"
}
],
"value": "Limit memcpy size to PATH_MAX_LENGTH-1 when copying file paths, ensure explicit NUL-termination, and validate lengths before copy; update to a version including the fix once available."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "96148269-fe82-4198-b1bf-3a73ce8bc92e",
"assignerShortName": "CyberArk",
"cveId": "CVE-2025-9809",
"datePublished": "2025-09-01T18:38:22.165Z",
"dateReserved": "2025-09-01T18:17:00.403Z",
"dateUpdated": "2025-09-03T20:29:21.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9136 (GCVE-0-2025-9136)
Vulnerability from cvelistv5 – Published: 2025-08-19 11:32 – Updated: 2025-08-19 13:15
VLAI?
Summary
A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It is recommended to upgrade the affected component.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
Credits
Simcha Kosman
simkca (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9136",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-19T13:15:00.564640Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:15:15.055Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.617657"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RetroArch",
"vendor": "libretro",
"versions": [
{
"status": "affected",
"version": "1.18.0"
},
{
"status": "affected",
"version": "1.19.0"
},
{
"status": "affected",
"version": "1.20.0"
},
{
"status": "unaffected",
"version": "1.21.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Simcha Kosman"
},
{
"lang": "en",
"type": "reporter",
"value": "simkca (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in libretro RetroArch 1.18.0/1.19.0/1.20.0 gefunden. Betroffen davon ist die Funktion filestream_vscanf der Datei libretro-common/streams/file_stream.c. Dank der Manipulation mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Das Problem kann durch ein Upgrade auf Version 1.21.0 adressiert werden. Es wird empfohlen, die betroffene Komponente zu aktualisieren."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T11:32:08.147Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320516 | libretro RetroArch file_stream.c filestream_vscanf out-of-bounds",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320516"
},
{
"name": "VDB-320516 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320516"
},
{
"name": "Submit #617657 | libretro RetroArch v1.20.0/v1.19.0/v1.18.0 Out-of-Bounds Read",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.617657"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/libretro/RetroArch/pull/17555"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/libretro/RetroArch/pull/17555#issuecomment-2651403849"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/libretro/RetroArch/pull/17555/commits/6446f045ec7fc6a5cac3e8ec35a2f0a5889c88e8"
},
{
"tags": [
"patch"
],
"url": "https://github.com/libretro/RetroArch/releases/tag/v1.21.0"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-19T07:36:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "libretro RetroArch file_stream.c filestream_vscanf out-of-bounds"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9136",
"datePublished": "2025-08-19T11:32:08.147Z",
"dateReserved": "2025-08-19T05:30:17.042Z",
"dateUpdated": "2025-08-19T13:15:15.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0459 (GCVE-0-2025-0459)
Vulnerability from cvelistv5 – Published: 2025-01-14 15:31 – Updated: 2025-01-14 16:42
VLAI?
Summary
A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll of the component Startup. The manipulation leads to untrusted search path. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Credits
Havook (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:42:41.012591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:42:46.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Startup"
],
"product": "RetroArch",
"vendor": "libretro",
"versions": [
{
"status": "affected",
"version": "1.19.0"
},
{
"status": "affected",
"version": "1.19.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Havook (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll of the component Startup. The manipulation leads to untrusted search path. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in libretro RetroArch bis 1.19.1 f\u00fcr Windows entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion in der Bibliothek profapi.dll der Komponente Startup. Durch das Beeinflussen mit unbekannten Daten kann eine untrusted search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T15:31:05.312Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-291476 | libretro RetroArch Startup profapi.dll untrusted search path",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.291476"
},
{
"name": "VDB-291476 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.291476"
},
{
"name": "Submit #474011 | retroarch 1.19.1 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.474011"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-01-14T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-01-14T09:12:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "libretro RetroArch Startup profapi.dll untrusted search path"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-0459",
"datePublished": "2025-01-14T15:31:05.312Z",
"dateReserved": "2025-01-14T08:07:08.394Z",
"dateUpdated": "2025-01-14T16:42:46.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28927 (GCVE-0-2021-28927)
Vulnerability from cvelistv5 – Published: 2021-04-07 14:09 – Updated: 2024-08-03 21:55
VLAI?
Summary
The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:12.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://libretro.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retroarch.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libretro/RetroArch/blob/d3dc3ee989ec6a4903c689907ffc47027f71f776/frontend/drivers/platform_win32.c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/retroarch-for-windows-version-1.9.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T18:38:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://libretro.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retroarch.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libretro/RetroArch/blob/d3dc3ee989ec6a4903c689907ffc47027f71f776/frontend/drivers/platform_win32.c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/retroarch-for-windows-version-1.9.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://libretro.com",
"refsource": "MISC",
"url": "http://libretro.com"
},
{
"name": "http://retroarch.com",
"refsource": "MISC",
"url": "http://retroarch.com"
},
{
"name": "https://github.com/libretro/RetroArch/blob/d3dc3ee989ec6a4903c689907ffc47027f71f776/frontend/drivers/platform_win32.c",
"refsource": "MISC",
"url": "https://github.com/libretro/RetroArch/blob/d3dc3ee989ec6a4903c689907ffc47027f71f776/frontend/drivers/platform_win32.c"
},
{
"name": "https://labs.bishopfox.com/advisories/retroarch-for-windows-version-1.9.0",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/retroarch-for-windows-version-1.9.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28927",
"datePublished": "2021-04-07T14:09:35",
"dateReserved": "2021-03-19T00:00:00",
"dateUpdated": "2024-08-03T21:55:12.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}