CVE-2025-47256

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-47256

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-47256.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-47256

Related

UBUNTU-CVE-2025-47256

Published

2025-05-06T20:15:27Z

Modified

2025-05-17T14:08:09.005776Z

Summary

[none]

Details

Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file.

References

Affected packages

Debian:11 / libxmp

Package

Name: libxmp
Purl: pkg:deb/debian/libxmp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.1-3

4.5.0-1~exp1

4.5.0-1

4.5.0-2

4.6.0-1

4.6.0-2

4.6.0-3~bpo12+1

4.6.0-3

4.6.1-1

4.6.1-2

4.6.2-1

4.6.2-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libxmp

Package

Name: libxmp
Purl: pkg:deb/debian/libxmp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.5.0-2

4.6.0-1

4.6.0-2

4.6.0-3~bpo12+1

4.6.0-3

4.6.1-1

4.6.1-2

4.6.2-1

4.6.2-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libxmp

Package

Name: libxmp
Purl: pkg:deb/debian/libxmp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.6.2-2

Affected versions

4.*

4.5.0-2

4.6.0-1

4.6.0-2

4.6.0-3~bpo12+1

4.6.0-3

4.6.1-1

4.6.1-2

4.6.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/libxmp/libxmp

Affected ranges

Type: GIT
Repo: https://github.com/libxmp/libxmp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

828ef357943e1fbb13910e7a6fca21987c5c5827

Affected versions

2.*

2.2.0

2.3.0

2.3.1

2.3.2

2.4.0

2.4.1

2.5.0

2.5.1

2.7.0

2.7.0-win32-amigaconf.patch

2.7.1

3.*

3.0.0

3.0.0-pre1

3.0.1

3.1.0

3.2.0

3.3.0

3.4.0

3.4.1

3.5.0

android-1.*

android-1.0.1

android-1.1

android-1.2

android-1.9

android-1.9.1

android-1.9.2

android-1.9.3

android-1.9.4

android-1.9.5

android-2.*

android-2.0.0

android-2.0.1

android-2.0.2

android-2.0.3

android-2.1.0

android-2.1.1

android-2.2.0

android-2.3.0

android-2.4.0

android-2.9.0

android-2.9.1

android-2.9.2

android-3.*

android-3.0.0

android-3.0.1

android-3.0.2

android-3.1.0

android-3.1.1

android-3.1.2

android-3.2.0

android-3.2.1

android-3.3.0

android-3.4.0

android-3.4.1

android-3.4.2

android-3.4.3

android-3.4.4

android-3.5.0

android-3.6.0

android-3.6.2

api-4.*

api-4.0

Other

git_import

import

libxmp-3.*

libxmp-3.9.0

libxmp-3.9.1

libxmp-3.9.2

libxmp-3.9.3

libxmp-3.9.4

libxmp-4.*

libxmp-4.0.0

libxmp-4.0.1

libxmp-4.0.2

libxmp-4.0.3

libxmp-4.0.4

libxmp-4.1.0

libxmp-4.1.1

libxmp-4.1.2

libxmp-4.1.3

libxmp-4.1.4

libxmp-4.1.5

libxmp-4.2.0

libxmp-4.2.1

libxmp-4.2.2

libxmp-4.2.3

libxmp-4.2.4

libxmp-4.2.5

libxmp-4.2.6

libxmp-4.2.7

libxmp-4.2.8

libxmp-4.3.0

libxmp-4.3.1

libxmp-4.3.10

libxmp-4.3.11

libxmp-4.3.12

libxmp-4.3.13

libxmp-4.3.2

libxmp-4.3.3

libxmp-4.3.4

libxmp-4.3.5

libxmp-4.3.6

libxmp-4.3.7

libxmp-4.3.8

libxmp-4.3.9

libxmp-4.4.0

libxmp-4.4.1

libxmp-4.5.0

libxmp-4.6.0

libxmp-4.6.1

libxmp-4.6.2

v2.*

v2.6.0

v2.6.1

v2.6.2

xmp-3.*

xmp-3.9.0

xmp-3.9.1

xmp-4.*

xmp-4.0.0

xmp-4.0.1

xmp-4.0.2

xmp-4.0.3

xmp-4.0.4

xmp-4.0.5

xmp-4.0.6