CVE-2025-65834

Published: Dec 16, 2025Modified: Jan 7, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory access violation occurs when processing MLT project files with manipulated width and height parameters. By setting these values to extremely large numbers, the application attempts to allocate excessive memory during image processing, triggering a buffer overflow in the mlt_image_fill_white function.

Affected (1)

Products: Meltytech: Shotcut

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Meltytech Shotcut	Version 25.10.31

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://bytescan.net/CVE/cve-2025-65834.html

Source: cve@mitre.org

Third Party Advisory

https://sourceforge.net/projects/shotcut/files/v25.10.31/shotcut-macos-25.10.31.dmg/download

Source: cve@mitre.org

Product

Timeline

No history available yet.