CVE-2025-9688

Name
CVE-2025-9688
Description
A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used. The identifier of the patch is 3984137fc0c44110f1ef876adb008885b05a6e18. To fix this issue, it is recommended to deploy a patch.
NVD Severity
low
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
exploit https://github.com/Giles-one/mupen64plusEscape/tree/main/BUG10
signature https://vuldb.com/?ctiid.321900
vdb-entry https://vuldb.com/?id.321900
third-party-advisory https://vuldb.com/?submit.638592
patch https://github.com/mupen64plus/mupen64plus-core/commit/3984137fc0c44110f1ef876adb008885b05a6e18

Match rules

CPE URI Source package Min version Max version
mupen64plus == 2.0 == 2.0
mupen64plus == 2.1 == 2.1
mupen64plus == 2.2 == 2.2
mupen64plus == 2.3 == 2.3
mupen64plus == 2.4 == 2.4
mupen64plus == 2.5 == 2.5
mupen64plus == 2.6.0 == 2.6.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
mupen64plus edge-community 2.6.0-r0 Alex McGrath <amk@amk.ie> possibly vulnerable
mupen64plus 3.22-community 2.6.0-r0 Alex McGrath <amk@amk.ie> possibly vulnerable