Source: binaryen Version: 120-4 Severity: important Tags: security upstream Forwarded: https://github.com/WebAssembly/binaryen/issues/8090 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for binaryen. CVE-2025-14957[0]: | A vulnerability was identified in WebAssembly Binaryen up to 125. | This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLoc | alSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir- | builder.cpp of the component IRBuilder. Such manipulation of the | argument Index leads to null pointer dereference. Local access is | required to approach this attack. The exploit is publicly available | and might be used. The name of the patch is | 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying a patch is | advised to resolve this issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-14957 https://www.cve.org/CVERecord?id=CVE-2025-14957 [1] https://github.com/WebAssembly/binaryen/issues/8090 [2] https://github.com/WebAssembly/binaryen/pull/8099 Please adjust the affected versions in the BTS as needed. Regards, Salvatore -- Pkg-javascript-devel mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
