CVE-2025-59728

Severity CVSS v4.0:
HIGH
Type:
CWE-787 Out-of-bounds Write
Publication date:
06/10/2025
Last modified:
06/10/2025

Description

When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer. When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is not an empty string, it is assigned to root_url at [1]. If the last (non-NUL) byte in this buffer is not '/' then we append '/' in-place at [2]. This will write two bytes into the buffer, starting at the last valid byte in the buffer, writing the NUL byte beyond the end of the allocated buffer.

We recommend upgrading to version 8.0 or beyond.
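The off-by-one described above, reduced to a stand-alone C sketch with the in-place append next to a form that grows the buffer first. This is an added example, not the affected project's code; the function names `dup_exact`, `append_slash_unsafe` and `append_slash_safe` and the sample URL are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the exact-size copy the advisory describes: strlen(s) + 1 bytes. */
char *dup_exact(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Pattern from the description, shown for comparison and never called here. */
void append_slash_unsafe(char *buf)
{
    size_t len = strlen(buf);
    if (len && buf[len - 1] != '/') {
        buf[len]     = '/';   /* replaces the terminator: last byte of the allocation */
        buf[len + 1] = '\0';  /* one byte past the end: the out-of-bounds write */
    }
}

/* Hardened form: grow the buffer by one byte before appending.
 * Returns the (possibly moved) buffer; on allocation failure returns NULL
 * and the caller still owns the original buffer. */
char *append_slash_safe(char *buf)
{
    size_t len = strlen(buf);
    char *grown;

    if (len == 0 || buf[len - 1] == '/')
        return buf;                  /* empty or already terminated by '/' */
    grown = realloc(buf, len + 2);   /* existing bytes + '/' + NUL */
    if (!grown)
        return NULL;
    grown[len]     = '/';
    grown[len + 1] = '\0';
    return grown;
}

int main(void)
{
    char *url = dup_exact("http://example.test/media");  /* constructed input */
    char *fixed = url ? append_slash_safe(url) : NULL;
    if (fixed)
        puts(fixed);
    free(fixed ? fixed : url);
    return 0;
}
```

Building the unsafe variant with AddressSanitizer (`-fsanitize=address`) and calling it on a `dup_exact` buffer reports the one-byte heap overflow, which is a quick way to confirm whether a given build still has the in-place append.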

References to Advisories, Solutions, and Tools