Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-size buffer.
History

Mon, 01 Sep 2025 18:45:00 +0000

Type Values Removed Values Added
Description Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-size buffer.
Weaknesses CWE-787
References
Metrics cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: CyberArk

Published:

Updated: 2025-09-01T18:38:22.165Z

Reserved: 2025-09-01T18:17:00.403Z

Link: CVE-2025-9809

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-09-01T19:15:32.383

Modified: 2025-09-01T19:15:32.383

Link: CVE-2025-9809

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.