1. Home
  2. CVE Database
  3. CVE-2025-59728
NONE · 0

CVE-2025-59728

When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a...

Vulnerability Description

When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is not an empty string, it is assigned to root_url at [1].If the last (non-NUL) byte in this buffer is not '/' then we append '/' in-place at [2]. This will write two bytes into the buffer, starting at the last valid byte in the buffer, writing the NUL byte beyond the end of the allocated buffer. We recommend upgrading to version 8.0 or beyond.

Related Weaknesses (CWE)

CWE-787

References

FAQ

What is CVE-2025-59728?

CVE-2025-59728 is a documented vulnerability. When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a...

How severe is CVE-2025-59728?

CVSS scoring is not yet available for CVE-2025-59728. Check NVD for updates.

Is there a patch for CVE-2025-59728?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.