Source: binaryen
Version: 120-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/WebAssembly/binaryen/issues/8089
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for binaryen.

CVE-2025-14956[0]:
| A vulnerability was determined in WebAssembly Binaryen up to 125.
| Affected by this issue is the function WasmBinaryReader::readExport
| of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-
| based buffer overflow. It is possible to launch the attack on the
| local host. The exploit has been publicly disclosed and may be
| utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It
| is recommended to apply a patch to fix this issue.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-14956
    https://www.cve.org/CVERecord?id=CVE-2025-14956
[1] https://github.com/WebAssembly/binaryen/issues/8089
[2] https://github.com/WebAssembly/binaryen/pull/8092

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
