CVE-2025-9809

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-9809

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9809.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-9809

Downstream

DEBIAN-CVE-2025-9809

UBUNTU-CVE-2025-9809

USN-8166-1

Published

2025-09-01T19:15:32Z

Modified

2026-04-10T05:36:47.747246Z

Summary

[none]

Details

Out-of-bounds write in cdfsopencuetrack in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATHMAX_LENGTH that is copied using memcpy into a fixed-size buffer.

References

https://github.com/libretro/libretro-common/issues/222
https://github.com/libretro/libretro-common/blob/master/formats/cdfs/cdfs.c#L471

CVE-2025-9809

Affected packages