CVE-2025-14549
Unknown Unknown - Not Provided
Buffer Over-Read in Eclipse OMR Compiler Charset Translation

Publication date: 2025-12-15

Last updated on: 2025-12-15

Assigner: Eclipse Foundation

Description
In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL (0x00) characters during the Latin-compatible charset (UTF-8, ISO8859-1, ASCII, etc) to IBM-1047/037 translation sequence. This can cause the output byte array to be truncated, discarding the first NUL byte and all subsequent characters, and thereby exposing a possible buffer over-read problem. This issue is fixed in Eclipse OMR version 0.8.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-15
Last Modified
2025-12-15
Generated
2026-06-16
AI Q&A
2025-12-15
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14549
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eclipse omr 0.8.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Eclipse OMR compiler component used by Eclipse OpenJ9 on IBM Z processors. An optimization for character translation from Latin-compatible charsets (like UTF-8, ISO8859-1, ASCII) to IBM-1047/037 incorrectly handles NUL (0x00) characters. Specifically, the translation process can truncate the output byte array by discarding the first NUL byte and all characters after it, which may lead to a buffer over-read problem. The issue is due to the optimization incorrectly checking for a stop character during translation, causing premature termination when encountering a NUL byte. This was fixed by correcting the handling of the stop character check in the optimization. [1]

Impact Analysis

This vulnerability can cause the output byte array from character translation to be truncated unexpectedly, discarding data after the first NUL byte. This may lead to buffer over-read issues, potentially causing incorrect program behavior, data corruption, or exposing sensitive memory contents. Such impacts could affect the reliability and security of applications using Eclipse OpenJ9 on IBM Z processors. [1]

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the Eclipse OMR compiler component to version 0.8.0 or later, where the issue with incorrect handling of NUL characters during charset translation on IBM Z processors has been fixed. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14549. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart