CVE-2025-65834
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-17
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| meltytech | shotcut | 25.10.31 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-65834 is a buffer overflow vulnerability in Meltytech Shotcut version 25.10.31, specifically in the MLT Framework's image processing module within the function mlt_image_fill_white. It occurs when the application processes MLT project files that have manipulated width and height parameters set to extremely large values. This causes the software to attempt excessive memory allocation, leading to a buffer overflow and a memory access violation. [1]
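As an added example (not Shotcut's or MLT's code, and not part of this record), the kind of dimension check that closes this bug class: width and height parsed from an untrusted project file are rejected when absurdly large or when their product would overflow, before any pixel buffer is allocated. MAX_DIMENSION, BYTES_PER_PIXEL and the function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumed sane per-axis limit for a video frame; a real product would
 * derive this from its supported profiles rather than a constant. */
#define MAX_DIMENSION 16384u
/* Assumed RGBA layout: four bytes per pixel. */
#define BYTES_PER_PIXEL 4u

/* Returns the buffer size in bytes for width x height pixels, or 0 when
 * either dimension is zero or out of range, or when the size computation
 * would overflow. Callers treat 0 as "refuse to allocate". */
size_t checked_image_size(uint64_t width, uint64_t height)
{
    if (width == 0 || height == 0)
        return 0;
    if (width > MAX_DIMENSION || height > MAX_DIMENSION)
        return 0;

    /* Checked multiplication (GCC/Clang builtin) guards the general case
     * even if the per-axis limit above is raised later. */
    uint64_t pixels, bytes;
    if (__builtin_mul_overflow(width, height, &pixels))
        return 0;
    if (__builtin_mul_overflow(pixels, (uint64_t)BYTES_PER_PIXEL, &bytes))
        return 0;
    if (bytes > (uint64_t)SIZE_MAX)
        return 0;
    return (size_t)bytes;
}

/* Allocates a white (all 0xFF) image only for validated dimensions.
 * Returns NULL instead of attempting an oversized allocation; on success
 * the byte length is written to *out_len. */
unsigned char *fill_white_checked(uint64_t width, uint64_t height, size_t *out_len)
{
    size_t n = checked_image_size(width, height);
    if (n == 0)
        return NULL;
    unsigned char *buf = malloc(n);
    if (buf == NULL)
        return NULL;
    memset(buf, 0xFF, n);
    if (out_len != NULL)
        *out_len = n;
    return buf;
}
```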
How can this vulnerability impact me?
The primary impact of this vulnerability is denial of service, which causes the application to crash. This can lead to loss of unsaved work, potential data corruption during save operations, and disruption of user productivity. There is no indication that this vulnerability allows code execution or data theft. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if Shotcut version 25.10.31 is processing MLT project files with manipulated width and height parameters set to extremely large values. Since exploitation requires local access and user interaction (opening a malicious MLT project file), network detection is limited. There are no specific commands provided for detection. Monitoring for application crashes or memory access violations in Shotcut when opening MLT project files may indicate exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding opening untrusted or suspicious MLT project files with manipulated width and height parameters in Shotcut version 25.10.31. Users should restrict local access to trusted individuals and monitor for application crashes. Applying vendor patches once released is recommended. Until a patch is available, exercising caution with project files and backing up work frequently can reduce impact. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability primarily causes denial of service through application crashes, potential loss of unsaved work, and possible data corruption during save operations. There is no indication of data theft or unauthorized access. Therefore, while it may disrupt user productivity and data integrity temporarily, there is no direct evidence that it impacts compliance with standards like GDPR or HIPAA, which focus on data confidentiality and privacy. [1]