CVE-2025-65834
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-17

Assigner: MITRE

Description
Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory access violation occurs when processing MLT project files with manipulated width and height parameters. By setting these values to extremely large numbers, the application attempts to allocate excessive memory during image processing, triggering a buffer overflow in the mlt_image_fill_white function.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-17
Generated
2026-06-16
AI Q&A
2025-12-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-65834
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
meltytech shotcut 25.10.31
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-65834 is a buffer overflow vulnerability in Meltytech Shotcut version 25.10.31, specifically in the MLT Framework's image processing module within the function mlt_image_fill_white. It occurs when the application processes MLT project files that have manipulated width and height parameters set to extremely large values. This causes the software to attempt excessive memory allocation, leading to a buffer overflow and a memory access violation. [1]

Impact Analysis

The primary impact of this vulnerability is denial of service, which causes the application to crash. This can lead to loss of unsaved work, potential data corruption during save operations, and disruption of user productivity. There is no indication that this vulnerability allows code execution or data theft. [1]

Detection Guidance

This vulnerability can be detected by identifying if Shotcut version 25.10.31 is processing MLT project files with manipulated width and height parameters set to extremely large values. Since exploitation requires local access and user interaction (opening a malicious MLT project file), network detection is limited. There are no specific commands provided for detection. Monitoring for application crashes or memory access violations in Shotcut when opening MLT project files may indicate exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include avoiding opening untrusted or suspicious MLT project files with manipulated width and height parameters in Shotcut version 25.10.31. Users should restrict local access to trusted individuals and monitor for application crashes. Applying vendor patches once released is recommended. Until a patch is available, exercising caution with project files and backing up work frequently can reduce impact. [1]

Compliance Impact

The vulnerability primarily causes denial of service through application crashes, potential loss of unsaved work, and possible data corruption during save operations. There is no indication of data theft or unauthorized access. Therefore, while it may disrupt user productivity and data integrity temporarily, there is no direct evidence that it impacts compliance with standards like GDPR or HIPAA, which focus on data confidentiality and privacy. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65834. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart