Description

A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. It affects the function filestream_vscanf in the file libretro-common/streams/file_stream.c. The manipulation leads to an out-of-bounds read. The attack must be launched locally. Upgrading to version 1.21.0 mitigates this issue. It is recommended to upgrade the affected component.

PUBLISHED Reserved 2025-08-19 | Published 2025-08-19 | Updated 2025-08-19 | Assigner VulDB




MEDIUM: 4.8 | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
MEDIUM: 5.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
MEDIUM: 5.3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
4.3 | AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

Problem types

Out-of-Bounds Read

Memory Corruption

Product status

1.18.0: affected
1.19.0: affected
1.20.0: affected
1.21.0: unaffected

Timeline

2025-08-19: Advisory disclosed
2025-08-19: VulDB entry created
2025-08-19: VulDB entry last update

Credits

Simcha Kosman (finder)

simkca (VulDB User) (reporter)

References

vuldb.com/?id.320516 (VDB-320516 | libretro RetroArch file_stream.c filestream_vscanf out-of-bounds) vdb-entry technical-description

vuldb.com/?ctiid.320516 (VDB-320516 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.617657 (Submit #617657 | libretro RetroArch v1.20.0/v1.19.0/v1.18.0 Out-of-Bounds Read) third-party-advisory

github.com/libretro/RetroArch/pull/17555 issue-tracking

github.com/...mmits/6446f045ec7fc6a5cac3e8ec35a2f0a5889c88e8 issue-tracking patch

github.com/libretro/RetroArch/releases/tag/v1.21.0 patch

cve.org (CVE-2025-9136)

nvd.nist.gov (CVE-2025-9136)
