| Título | libretro RetroArch v1.20.0/v1.19.0/v1.18.0 Out-of-Bounds Read |
|---|
| Descrição | Title:
Out-of-Bounds Read in filestream_vscanf() of libretro RetroArch due to Missing sscanf() Result Check
Description:
A vulnerability in the filestream_vscanf() function of libretro's RetroArch (latest version at time of reporting) allows an attacker to trigger an out-of-bounds read due to improper handling of the return value from sscanf(). Specifically, the code fails to verify whether sscanf() returns 0, which results in the use of an uninitialized or attacker-controlled sublen value. This variable is used to increment a buffer iterator (bufiter), leading to out-of-bounds memory access.
An attacker can exploit this by crafting malicious format strings such as %*d%s or %d%*d%s, which can either leave sublen uninitialized or influence its value directly, enabling controlled memory leaks. This could expose sensitive data or lead to application instability. Found by Simcha Kosman
Affected Component:
filestream_vscanf() in libretro-common/streams/file_stream.c - https://github.com/libretro/RetroArch/blob/6c7522fef85825a1e376d5c11828f59134fda8d3/libretro-common/streams/file_stream.c#L298
Fixed At:
https://github.com/libretro/RetroArch/pull/17555 |
|---|
| Utilizador | simkca (UID 81003) |
|---|
| Submissão | 17/07/2025 12h03 (há 9 meses) |
|---|
| Moderação | 19/08/2025 07h31 (1 month later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 320516 [libretro RetroArch 1.18.0/1.19.0/1.20.0 file_stream.c filestream_vscanf Divulgação de Informação] |
|---|
| Pontos | 17 |
|---|