Unrated severityOSV Advisory· Published Dec 15, 2025· Updated Dec 15, 2025

OMR on Z processors Exposing a possible buffer over-read problem

CVE-2025-14549

Description

In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL (0x00) characters during the Latin-compatible charset (UTF-8, ISO8859-1, ASCII, etc) to IBM-1047/037 translation sequence. This can cause the output byte array to be truncated, discarding the first NUL byte and all subsequent characters, and thereby exposing a possible buffer over-read problem. This issue is fixed in Eclipse OMR version 0.8.0.

Affected products

Eclipse/OmrOSV2 versions
omr-0.1.0, omr-0.2.0, omr-0.3.0, …+ 1 more
- (no CPE)range: omr-0.1.0, omr-0.2.0, omr-0.3.0, …
- (no CPE)range: >=0.7.0, <0.8.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/eclipse-omr/omr/pull/8073mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000