UBUNTU-CVE-2025-49589
- Source
- https://ubuntu.com/security/CVE-2025-49589
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-49589.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-49589
- Upstream
- Published
- 2025-06-12T21:15:00Z
- Modified
- 2025-07-14T04:44:15Z
- Severity
-
- 6.1 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.
- References
-
- https://ubuntu.com/security/CVE-2025-49589
- https://www.cve.org/CVERecord?id=CVE-2025-49589
- https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35
- https://github.com/PCSX2/pcsx2/commit/1aa922f7007afe71e0b58b0c3bd0833a53cb945c
- https://github.com/PCSX2/pcsx2/commit/8eb46b5a4c0380d59cb540f8b5f59daf8e609bd7
- https://github.com/PCSX2/pcsx2/pull/12823
- https://github.com/PCSX2/pcsx2/pull/12826
Affected packages
Ubuntu:Pro:16.04:LTS / pcsx2
Package
- Name
- pcsx2
- Purl
- pkg:deb/ubuntu/pcsx2@1.4.0+dfsg-1?arch=source&distro=esm-apps/xenial
Ubuntu:Pro:18.04:LTS / pcsx2
Package
- Name
- pcsx2
- Purl
- pkg:deb/ubuntu/pcsx2@1.4.0+dfsg-2?arch=source&distro=esm-apps/bionic
Ubuntu:Pro:20.04:LTS / pcsx2
Package
- Name
- pcsx2
- Purl
- pkg:deb/ubuntu/pcsx2@1.5.0~gfc1d9aef0+dfsg-2?arch=source&distro=esm-apps/focal
Ubuntu:22.04:LTS / pcsx2
Package
- Name
- pcsx2
- Purl
- pkg:deb/ubuntu/pcsx2@1.6.0+dfsg-1build1?arch=source&distro=jammy
Ubuntu:24.04:LTS / pcsx2
Package
- Name
- pcsx2
- Purl
- pkg:deb/ubuntu/pcsx2@1.6.0+dfsg-2ubuntu3?arch=source&distro=noble