CVE-2025-14957
Null Pointer Dereference in WebAssembly Binaryen IRBuilder Functions
Publication date: 2025-12-19
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| webassembly | binaryen | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-14957 is a vulnerability in the WebAssembly Binaryen project affecting the IRBuilder component, specifically the functions makeLocalGet, makeLocalSet, and makeLocalTee. The issue arises from improper validation of local variable indexes, which can lead to a null pointer dereference when an invalid local index is accessed during WebAssembly intermediate representation construction or optimization. This causes a segmentation fault (crash) in the wasm-opt tool when processing malformed WebAssembly binaries. The vulnerability requires local access to exploit and has a publicly available proof-of-concept. A patch has been implemented that adds explicit validation checks to ensure local indexes are within valid bounds, preventing out-of-bounds access and eliminating the crash. [1, 2, 5, 7]
How can this vulnerability impact me? :
This vulnerability can cause denial of service by crashing the wasm-opt tool when it processes malformed WebAssembly binaries. The null pointer dereference leads to a segmentation fault, causing the application to abort unexpectedly and impacting availability. Since the exploit requires local access, an attacker with such access can trigger this crash, potentially disrupting services or workflows that rely on wasm-opt or the WebAssembly Binaryen toolchain. The impact is primarily on availability, with no direct compromise of confidentiality or integrity reported. [2, 5, 6, 7]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the crash using a crafted malformed WebAssembly binary with the wasm-opt tool from the WebAssembly Binaryen project. A known reproduction command is `./wasm-opt repro -o /dev/null`, where `repro` is a specially crafted malformed WebAssembly binary that triggers the null pointer dereference and segmentation fault. Monitoring for crashes or segmentation faults in wasm-opt during processing of WebAssembly binaries can also indicate the presence of this vulnerability. [5, 6, 7]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to apply the patch identified by commit 6fb2b917a79578ab44cf3b900a6da4c27251e0d4, which adds validation checks for local variable indexes in the IRBuilder component. This patch prevents invalid local index access and eliminates the null pointer dereference. Updating the WebAssembly Binaryen tool to a version that includes this fix (merged on December 10, 2025) is advised. Additionally, avoid processing untrusted or malformed WebAssembly binaries with vulnerable versions of wasm-opt until patched. [1, 2, 3]