Unrated severityNVD Advisory· Published Aug 19, 2025· Updated Aug 19, 2025

libretro RetroArch file_stream.c filestream_vscanf out-of-bounds

CVE-2025-9136

Description

A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It is recommended to upgrade the affected component.

Affected products

Libretro/Retroarchllm-fuzzy2 versions
>=1.18.0 <=1.20.0+ 1 more
- (no CPE)range: >=1.18.0 <=1.20.0
- (no CPE)range: 1.18.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/libretro/RetroArch/pull/17555/commits/6446f045ec7fc6a5cac3e8ec35a2f0a5889c88e8mitreissue-trackingpatch
github.com/libretro/RetroArch/releases/tag/v1.21.0mitrepatch
vuldb.commitrethird-party-advisory
github.com/libretro/RetroArch/pull/17555mitreissue-tracking
github.com/libretro/RetroArch/pull/17555mitreissue-tracking
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000