Bug 2392125 (CVE-2025-9688)
| Summary: | CVE-2025-9688 Mupen64Plus: Mupen64Plus is_viewer.c write_is_viewer integer overflow | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | dreua |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A vulnerability was found in Mupen64Plus. The affected element is the write_is_viewer function of the src/device/cart/is_viewer.c file. Manipulation leads to integer overflow, and the attack can be initiated remotely.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2392349, 2392350 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-08-30 13:01:07 UTC
I guess this is a fully automatic process and no one really looked at it, correct? The possibility "to initiate the attack remotely" is probably nonsense but there are issues in the emulator which allow host side code execution when loading a malicious ROM. Another CVE but I believe this one is already fixed in one of the linked PRs: https://github.com/mupen64plus/mupen64plus-core/issues/1146 Started a new discussion upstream to get some more context: https://github.com/mupen64plus/mupen64plus-core/issues/1149#issuecomment-3287379037 Patches in openbsd: https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/emulators/mupen64plus/core/patches/ |