CVE-2025-9136

Sažetak

A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It is recommended to upgrade the affected component.

Reference

https://github.com/libretro/RetroArch/pull/17555
https://github.com/libretro/RetroArch/pull/17555#issuecomment-2651403849
https://github.com/libretro/RetroArch/pull/17555/commits/6446f045ec7fc6a5cac3e8ec35a2f0a5889c88e8
https://github.com/libretro/RetroArch/releases/tag/v1.21.0
https://vuldb.com/?ctiid.320516
https://vuldb.com/?id.320516
https://vuldb.com/?submit.617657
https://vuldb.com/?submit.617657

CVSS

Base:	4.3
Impact:	6.4
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

12-09-2025 - 14:55

Objavljeno

19-08-2025 - 12:15