VYPR

DHAV file parsing

by Google

CVEs (1)

  • CVE-2025-59729MedOct 6, 2025
    risk 0.37cvss epss 0.00

    When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAX_DURATION_BUFFER_SIZE bytes (0x100000) for example…