CVE-2025-59728

06.10.2025, 08:15

When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContentbelow [0], it returns a buffer precisely allocated to match the string length, using strdupinternally. If this buffer is not an empty string, it is assigned to root_urlat [1].If the last (non-NUL) byte in this buffer is not '/'then we append '/'in-place at [2]. This will write two bytes into the buffer, starting at the last valid byte in the buffer, writing the NUL byte beyond the end of the allocated buffer.
We recommend upgrading to version 8.0 or beyond.

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
Google	CNA	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://issuetracker.google.com/433502298