{ "affected": [ { "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0b73eabd9ac19a5e290e7bee48d15be24e7b7d1b" } ], "repo": "https://github.com/pcsx2/pcsx2", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "8164f2b2db6993170aced27d171bdc4e1f2eb5c8" } ], "repo": "https://github.com/pcsx2/pcsx2", "type": "GIT" } ] } ], "aliases": [ "GHSA-69wg-97fx-8j5w" ], "database_specific": { "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-125" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/67xxx/CVE-2025-67749.json" }, "details": "PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory. Because the offset and size is controlled through MG header fields, a specially crafted ELF can read data beyond the bounds of mg_buffer and have it reflected back into emulated memory. This issue is fixed in version 2.5.378.", "id": "CVE-2025-67749", "modified": "2026-04-01T23:09:33.959285053Z", "published": "2025-12-12T22:24:57.520Z", "references": [ { "type": "WEB", "url": "https://github.com/PCSX2/pcsx2/releases/tag/v2.5.378" }, { "type": "ADVISORY", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/67xxx/CVE-2025-67749.json" }, { "type": "ADVISORY", "url": "https://github.com/PCSX2/pcsx2/security/advisories/GHSA-69wg-97fx-8j5w" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67749" }, { "type": "FIX", "url": "https://github.com/PCSX2/pcsx2/commit/0b73eabd9ac19a5e290e7bee48d15be24e7b7d1b" } ], "schema_version": "1.7.3", "severity": [ { "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N", "type": "CVSS_V4" } ], "summary": "PCSX2 has an Out-of-bounds Read due to unchecked offset and size passed to memcpy" }