{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2025-9688","title":"Title"},{"category":"description","text":"A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used. The identifier of the patch is 3984137fc0c44110f1ef876adb008885b05a6e18. To fix this issue, it is recommended to deploy a patch.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2025-9688","url":"https://www.suse.com/security/cve/CVE-2025-9688"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1249035 for CVE-2025-9688","url":"https://bugzilla.suse.com/1249035"}],"title":"SUSE CVE CVE-2025-9688","tracking":{"current_release_date":"2025-12-19T00:47:05Z","generator":{"date":"2025-09-02T23:28:03Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2025-9688","initial_release_date":"2025-09-02T23:28:03Z","revision_history":[{"date":"2025-09-02T23:28:03Z","number":"2","summary":"Current version"},{"date":"2025-12-17T00:47:28Z","number":"3","summary":"description changed"},{"date":"2025-12-19T00:47:05Z","number":"4","summary":"description changed"}],"status":"interim","version":"4"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"libmupen64plus-devel-2.6.0-2.1","product":{"name":"libmupen64plus-devel-2.6.0-2.1","product_id":"libmupen64plus-devel-2.6.0-2.1","product_identification_helper":{"purl":"pkg:rpm/suse/libmupen64plus-devel@2.6.0-2.1"}}},{"category":"product_version","name":"libmupen64plus2-2.6.0-2.1","product":{"name":"libmupen64plus2-2.6.0-2.1","product_id":"libmupen64plus2-2.6.0-2.1","product_identification_helper":{"purl":"pkg:rpm/suse/libmupen64plus2@2.6.0-2.1"}}},{"category":"product_version","name":"mupen64plus-plugin-audio-sdl-2.6.0-2.1","product":{"name":"mupen64plus-plugin-audio-sdl-2.6.0-2.1","product_id":"mupen64plus-plugin-audio-sdl-2.6.0-2.1","product_identification_helper":{"purl":"pkg:rpm/suse/mupen64plus-plugin-audio-sdl@2.6.0-2.1"}}},{"category":"product_version","name":"mupen64plus-plugin-input-sdl-2.6.0-2.1","product":{"name":"mupen64plus-plugin-input-sdl-2.6.0-2.1","product_id":"mupen64plus-plugin-input-sdl-2.6.0-2.1","product_identification_helper":{"purl":"pkg:rpm/suse/mupen64plus-plugin-input-sdl@2.6.0-2.1"}}},{"category":"product_version","name":"mupen64plus-plugin-rsp-hle-2.6.0-2.1","product":{"name":"mupen64plus-plugin-rsp-hle-2.6.0-2.1","product_id":"mupen64plus-plugin-rsp-hle-2.6.0-2.1","product_identification_helper":{"purl":"pkg:rpm/suse/mupen64plus-plugin-rsp-hle@2.6.0-2.1"}}},{"category":"product_version","name":"mupen64plus-plugin-video-glide64mk2-2.6.0-2.1","product":{"name":"mupen64plus-plugin-video-glide64mk2-2.6.0-2.1","product_id":"mupen64plus-plugin-video-glide64mk2-2.6.0-2.1","product_identification_helper":{"purl":"pkg:rpm/suse/mupen64plus-plugin-video-glide64mk2@2.6.0-2.1"}}},{"category":"product_version","name":"mupen64plus-plugin-video-rice-2.6.0-2.1","product":{"name":"mupen64plus-plugin-video-rice-2.6.0-2.1","product_id":"mupen64plus-plugin-video-rice-2.6.0-2.1","product_identification_helper":{"purl":"pkg:rpm/suse/mupen64plus-plugin-video-rice@2.6.0-2.1"}}},{"category":"product_version","name":"mupen64plus-ui-console-2.6.0-2.1","product":{"name":"mupen64plus-ui-console-2.6.0-2.1","product_id":"mupen64plus-ui-console-2.6.0-2.1","product_identification_helper":{"purl":"pkg:rpm/suse/mupen64plus-ui-console@2.6.0-2.1"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"libmupen64plus-devel-2.6.0-2.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libmupen64plus-devel-2.6.0-2.1"},"product_reference":"libmupen64plus-devel-2.6.0-2.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libmupen64plus2-2.6.0-2.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libmupen64plus2-2.6.0-2.1"},"product_reference":"libmupen64plus2-2.6.0-2.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"mupen64plus-plugin-audio-sdl-2.6.0-2.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:mupen64plus-plugin-audio-sdl-2.6.0-2.1"},"product_reference":"mupen64plus-plugin-audio-sdl-2.6.0-2.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"mupen64plus-plugin-input-sdl-2.6.0-2.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:mupen64plus-plugin-input-sdl-2.6.0-2.1"},"product_reference":"mupen64plus-plugin-input-sdl-2.6.0-2.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"mupen64plus-plugin-rsp-hle-2.6.0-2.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:mupen64plus-plugin-rsp-hle-2.6.0-2.1"},"product_reference":"mupen64plus-plugin-rsp-hle-2.6.0-2.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"mupen64plus-plugin-video-glide64mk2-2.6.0-2.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:mupen64plus-plugin-video-glide64mk2-2.6.0-2.1"},"product_reference":"mupen64plus-plugin-video-glide64mk2-2.6.0-2.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"mupen64plus-plugin-video-rice-2.6.0-2.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:mupen64plus-plugin-video-rice-2.6.0-2.1"},"product_reference":"mupen64plus-plugin-video-rice-2.6.0-2.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"mupen64plus-ui-console-2.6.0-2.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:mupen64plus-ui-console-2.6.0-2.1"},"product_reference":"mupen64plus-ui-console-2.6.0-2.1","relates_to_product_reference":"openSUSE Tumbleweed"}]},"vulnerabilities":[{"cve":"CVE-2025-9688","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-9688"}],"notes":[{"category":"general","text":"A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used. The identifier of the patch is 3984137fc0c44110f1ef876adb008885b05a6e18. To fix this issue, it is recommended to deploy a patch.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:libmupen64plus-devel-2.6.0-2.1","openSUSE Tumbleweed:libmupen64plus2-2.6.0-2.1","openSUSE Tumbleweed:mupen64plus-plugin-audio-sdl-2.6.0-2.1","openSUSE Tumbleweed:mupen64plus-plugin-input-sdl-2.6.0-2.1","openSUSE Tumbleweed:mupen64plus-plugin-rsp-hle-2.6.0-2.1","openSUSE Tumbleweed:mupen64plus-plugin-video-glide64mk2-2.6.0-2.1","openSUSE Tumbleweed:mupen64plus-plugin-video-rice-2.6.0-2.1","openSUSE Tumbleweed:mupen64plus-ui-console-2.6.0-2.1"]},"references":[{"category":"external","summary":"CVE-2025-9688","url":"https://www.suse.com/security/cve/CVE-2025-9688"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1249035 for CVE-2025-9688","url":"https://bugzilla.suse.com/1249035"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:libmupen64plus-devel-2.6.0-2.1","openSUSE Tumbleweed:libmupen64plus2-2.6.0-2.1","openSUSE Tumbleweed:mupen64plus-plugin-audio-sdl-2.6.0-2.1","openSUSE Tumbleweed:mupen64plus-plugin-input-sdl-2.6.0-2.1","openSUSE Tumbleweed:mupen64plus-plugin-rsp-hle-2.6.0-2.1","openSUSE Tumbleweed:mupen64plus-plugin-video-glide64mk2-2.6.0-2.1","openSUSE Tumbleweed:mupen64plus-plugin-video-rice-2.6.0-2.1","openSUSE Tumbleweed:mupen64plus-ui-console-2.6.0-2.1"]}],"threats":[{"category":"impact","date":"2025-09-01T16:00:20Z","details":"moderate"}],"title":"CVE-2025-9688"}]}