CVE-2025-9809

Vulnerability

CVE-2025-9809

CVE-2025-9809

ecosystem: ubuntu:25.04

Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-size buffer.

References

launchpad.net/ubuntu-cve-tracker: https://github.com/libretro/libretro-common/blob/master/formats/cdfs/cdfs.c#L471
launchpad.net/ubuntu-cve-tracker: https://github.com/libretro/libretro-common/issues/222
launchpad.net/ubuntu-cve-tracker: https://www.cve.org/CVERecord?id=CVE-2025-9809

severityh

high

type: vendor

source: launchpad.net/ubuntu-cve-tracker

published: 2025-09-01 19:15:00

Detection

ubuntu:25.04

CVE-2025-9809

ubuntu-cve-tracker

OR

unfixedignored: end of life, was needs-triage

　

retroarch

package type: source

type: version

tag: plucky_high

Data Sources

Ubuntu CVE Tracker
ubuntu-cve-tracker
- raw: ghcr.io/vulsio/vuls-data-db:vuls-data-raw-ubuntu-cve-tracker
- extracted: ghcr.io/vulsio/vuls-data-db:vuls-data-extracted-ubuntu-cve-tracker

Vuls

FutureVuls|GitHub