CVE-2025-59728
BaseFortify
Publication date: 2025-10-06
Last updated on: 2025-10-06
Assigner: Google Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vendor | product | 8.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs when handling MPEG-DASH manifests, specifically during the calculation of the content path. The issue is an out-of-bounds NUL-byte write one byte past the end of a buffer. The function xmlNodeGetContent returns a buffer exactly sized to the string length. If this buffer is not empty and does not end with a '/', the code attempts to append a '/' and a NUL byte in-place. However, this write operation overwrites memory beyond the allocated buffer boundary, causing a buffer overflow.
How can this vulnerability impact me? :
This vulnerability can lead to memory corruption due to the out-of-bounds write. Such memory corruption may cause application crashes, unexpected behavior, or potentially allow an attacker to execute arbitrary code or escalate privileges depending on the context in which the vulnerable code is used.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to upgrade to version 8.0 or beyond of the affected software.