Vulnerability Description
When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution (width x height). A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame contents using a run-length encoding algorithm. There are no checks that the decoded frame fits in the allocated buffer, leading to a heap-buffer-overflow. process_frame_obj initializes the buffers based on the frame resolution: We recommend upgrading to version 8.0 or beyond.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-59730?
CVE-2025-59730 is a documented vulnerability. When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution (width x height). A...
How severe is CVE-2025-59730?
CVSS scoring is not yet available for CVE-2025-59730. Check NVD for updates.
Is there a patch for CVE-2025-59730?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.