CVE-2025-14956

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-14956
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14956.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-14956
Downstream
Published
2025-12-19T17:15:51.470Z
Modified
2026-03-13T21:48:45.478857Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.

References

Affected packages

Git / github.com/webassembly/binaryen

Affected ranges

Type
GIT
Repo
https://github.com/webassembly/binaryen
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6ec7b5f9c615d3b224c67ae221d6812c8f8e1a96
Fixed
4f52bff8c4075b5630422f902dd92a0af2c9f398
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "125"
        }
    ]
}

Affected versions

1.*
1.36.10
1.36.11
1.36.12
1.36.13
1.36.14
1.36.2
1.36.3
1.36.4
1.36.5
1.36.6
1.36.7
1.36.8
1.36.9
1.37.0
1.37.1
1.37.10
1.37.11
1.37.12
1.37.13
1.37.14
1.37.15
1.37.16
1.37.17
1.37.18
1.37.19
1.37.2
1.37.20
1.37.21
1.37.22
1.37.23
1.37.24
1.37.25
1.37.26
1.37.27
1.37.28
1.37.29
1.37.3
1.37.30
1.37.31
1.37.32
1.37.33
1.37.34
1.37.35
1.37.36
1.37.37
1.37.39
1.37.4
1.37.40
1.37.5
1.37.6
1.37.7
1.37.8
1.37.9
1.38.0
1.38.1
1.38.10
1.38.11
1.38.12
1.38.13
1.38.14
1.38.15
1.38.16
1.38.17
1.38.18
1.38.19
1.38.2
1.38.20
1.38.21
1.38.22
1.38.23
1.38.24
1.38.25
1.38.26
1.38.27
1.38.28
1.38.29
1.38.3
1.38.30
1.38.31
1.38.32
1.38.4
1.38.47
1.38.48
1.38.5
1.38.6
1.38.7
1.38.8
1.38.9
1.39.1
Other
binary_0xb
rebuild-121
version_1
version_10
version_100
version_101
version_102
version_103
version_104
version_105
version_106
version_107
version_108
version_109
version_11
version_110
version_111
version_112
version_113
version_114
version_115
version_116
version_117
version_118
version_119
version_12
version_120
version_120_b
version_121
version_122
version_123
version_124
version_125
version_13
version_14
version_15
version_16
version_17
version_18
version_19
version_2
version_20
version_21
version_22
version_23
version_24
version_25
version_26
version_27
version_28
version_29
version_3
version_30
version_31
version_32
version_33
version_34
version_35
version_36
version_37
version_38
version_39
version_4
version_40
version_41
version_42
version_43
version_44
version_45
version_46
version_47
version_48
version_49
version_5
version_50
version_51
version_52
version_53
version_54
version_55
version_56
version_57
version_58
version_59
version_6
version_60
version_61
version_62
version_63
version_64
version_65
version_66
version_67
version_68
version_69
version_7
version_70
version_71
version_72
version_73
version_74
version_75
version_76
version_77
version_78
version_79
version_8
version_80
version_81
version_82
version_83
version_84
version_85
version_86
version_87
version_88
version_89
version_9
version_90
version_91
version_92
version_93
version_94
version_95
version_96
version_97
version_98
version_99

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14956.json"
vanir_signatures 
[
    {
        "signature_type": "Function",
        "id": "CVE-2025-14956-31b4e4e1",
        "source": "https://github.com/webassembly/binaryen/commit/4f52bff8c4075b5630422f902dd92a0af2c9f398",
        "signature_version": "v1",
        "target": {
            "function": "WasmBinaryReader::readExpression",
            "file": "src/wasm/wasm-binary.cpp"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "297504919989245700610474729391651764270",
            "length": 357.0
        }
    },
    {
        "signature_type": "Line",
        "id": "CVE-2025-14956-646ed37d",
        "source": "https://github.com/webassembly/binaryen/commit/4f52bff8c4075b5630422f902dd92a0af2c9f398",
        "signature_version": "v1",
        "target": {
            "file": "src/wasm/wasm-binary.cpp"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "201480928520681906379950524024727729655",
                "334726967807214632206129284775153697474",
                "304652278790085127732226364469106342570",
                "38127243108464750520046628332426506894",
                "71237723187431418267481440117115206607",
                "252088095133434476482696689927987076667",
                "249611125164174963394737326246462431268",
                "1411843634869612402975512596183721162",
                "242793103065672669814075219089174268581"
            ]
        }
    }
]