DEBIAN-CVE-2025-15412
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-15412
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-15412.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-15412
- Upstream
- Published
- 2026-01-01T21:15:41.067Z
- Modified
- 2026-01-02T11:15:37.740496Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.
- References
Affected packages
Debian:11 / wabt
Package
- Name
- wabt
- Purl
- pkg:deb/debian/wabt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.0.20-1
1.0.21-1
1.0.24-1
1.0.24-2
1.0.25-1
1.0.26-1
1.0.27-1
1.0.28-1
1.0.29-1
1.0.30-1
1.0.31-1
1.0.32-1
1.0.33-1
1.0.34-1
1.0.34+dsfg2+~cs1.0.32-1
1.0.34+dsfg2+~cs1.0.32-2
1.0.34+dsfg2+~cs1.0.32-3
1.0.34+dsfg2+~cs1.0.32-4
1.0.34+dsfg+~cs1.0.32-1
1.0.36+dfsg+~cs1.0.36-1
1.0.36+dfsg+~cs1.0.36-2
Debian:12 / wabt
Package
- Name
- wabt
- Purl
- pkg:deb/debian/wabt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / wabt
Package
- Name
- wabt
- Purl
- pkg:deb/debian/wabt?arch=source
Debian:14 / wabt
Package
- Name
- wabt
- Purl
- pkg:deb/debian/wabt?arch=source