2389384 – (CVE-2025-9136) CVE-2025-9136 RetroArch: libretro RetroArch file_stream.c filestream_vscanf out-of-bounds

Bug 2389384 (CVE-2025-9136) - CVE-2025-9136 RetroArch: libretro RetroArch file_stream.c filestream_vscanf out-of-bounds

Summary: CVE-2025-9136 RetroArch: libretro RetroArch file_stream.c filestream_vscanf o...

Keywords:
Status:	NEW
Alias:	CVE-2025-9136
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2389430 2389431
Blocks:
TreeView+	depends on / blocked

Reported:	2025-08-19 12:01 UTC by OSIDB Bzimport
Modified:	2025-08-20 13:58 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-08-19 12:01:15 UTC

A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It is recommended to upgrade the affected component.

Note You need to log in before you can comment on or make changes to this bug.