PT-2025-40874 · Mpeg-Dash+4
Published: 2025-07-22 · Updated: 2026-01-28 · CVE-2025-59728
CVSS v4.0: 8.7 High
| Vector | AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N |
Name of the Vulnerable Software and Affected Versions
Software versions prior to 8.0
Description
An issue exists in the handling of MPEG-DASH manifests where an out-of-bounds NUL-byte write occurs one byte past the end of the buffer. This happens during the calculation of the content path. The xmlNodeGetContent function returns a buffer allocated to match the string length using strdup. If the buffer is not empty, it is assigned to root url. If the last byte in the buffer is not '/', a '/' is appended, potentially writing beyond the buffer's allocated space.
Recommendations
Upgrade to version 8.0 or beyond.
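The off-by-one from the Description, as an added example in C that is not taken from the affected project's source: dup_exact and ensure_trailing_slash are hypothetical names and the URL is a constructed sample. The comment shows the in-place append the description reports; the function grows the strdup-sized buffer before appending '/'.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: strdup-style copy, exactly strlen(s) + 1 bytes. */
static char *dup_exact(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    return p;
}

/* In-place append as the description reports it (illustration, not compiled):
 *     n = strlen(url);
 *     if (n && url[n - 1] != '/') { url[n] = '/'; url[n + 1] = '\0'; }
 * url[n] overwrites the old terminator in bounds; url[n + 1] is the NUL
 * written one byte past the end of the n + 1 byte allocation. */

/* Hardened form (hypothetical name): grow the buffer, then append.
 * Returns 0 on success, -1 on error; on error *purl stays valid and unchanged. */
int ensure_trailing_slash(char **purl)
{
    size_t n;
    char *grown;
    if (purl == NULL || *purl == NULL)
        return -1;
    n = strlen(*purl);
    if (n == 0 || (*purl)[n - 1] == '/')
        return 0;                   /* empty, or already ends in '/' */
    grown = realloc(*purl, n + 2);  /* n bytes + '/' + NUL */
    if (grown == NULL)
        return -1;                  /* original buffer is still owned by caller */
    grown[n] = '/';
    grown[n + 1] = '\0';
    *purl = grown;
    return 0;
}

int main(void)
{
    char *url = dup_exact("http://example.test/media");  /* constructed sample */
    int rc = url ? ensure_trailing_slash(&url) : -1;
    if (rc == 0)
        printf("%s\n", url);
    free(url);
    return rc == 0 ? 0 : 1;
}
```

Building this with AddressSanitizer (-fsanitize=address) and swapping in the commented-out append makes the one-byte heap overflow visible on the first call.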
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Mpeg-Dash
Red Os
Suse
Ubuntu