CVE-2025-14549

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-14549
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14549.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-14549
Published
2025-12-15T06:15:42.733Z
Modified
2026-03-12T17:38:05.333304Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL (0x00) characters during the Latin-compatible charset (UTF-8, ISO8859-1, ASCII, etc) to IBM-1047/037 translation sequence. This can cause the output byte array to be truncated, discarding the first NUL byte and all subsequent characters, and thereby exposing a possible buffer over-read problem. This issue is fixed in Eclipse OMR version 0.8.0.

References

Affected packages

Git / github.com/eclipse-omr/omr

Affected ranges

Type
GIT
Repo
https://github.com/eclipse-omr/omr
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
01268e034df7dd66418b7f2dc4b1d861e9aa91b0
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.7.0"
        }
    ]
}

Affected versions

omr-0.*
omr-0.1.0
omr-0.2.0
omr-0.3.0
omr-0.4.0
omr-0.5.0
omr-0.6.0
omr-0.7.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14549.json"