CVE-2025-9809

Vulnerability

CVE-2025-9809

Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-size buffer.

References

launchpad.net/ubuntu-cve-tracker: https://github.com/libretro/libretro-common/blob/master/formats/cdfs/cdfs.c#L471
launchpad.net/ubuntu-cve-tracker: https://github.com/libretro/libretro-common/issues/222
launchpad.net/ubuntu-cve-tracker: https://www.cve.org/CVERecord?id=CVE-2025-9809

severityh

high

type: vendor

source: launchpad.net/ubuntu-cve-tracker

published: 2025-09-01 19:15:00

Detection

No detection criteria available for this vulnerability.

Data Sources

Ubuntu CVE Tracker
ubuntu-cve-tracker
- raw: ghcr.io/vulsio/vuls-data-db:vuls-data-raw-ubuntu-cve-tracker
- extracted: ghcr.io/vulsio/vuls-data-db:vuls-data-extracted-ubuntu-cve-tracker

FutureVuls|GitHub