CVE-2025-9688: 
Linux Debian vulnerability analysis and mitigation

A security vulnerability (CVE-2025-9688) has been identified in Mupen64Plus versions up to 2.6.0. The vulnerability affects the writeisviewer function in the src/device/cart/is_viewer.c file, which is susceptible to an integer overflow condition. The vulnerability was disclosed on August 30, 2025, and a patch has been released with the identifier 3984137fc0c44110f1ef876adb008885b05a6e18 (NVD, AttackerKB).

The vulnerability is characterized by an integer overflow condition in the writeisviewer function. It has been assigned a CVSS v4.0 base score of 2.3 (Low) with the vector string CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P. The vulnerability is also rated with a CVSS v3.1 base score of 5.0 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L. The issue has been classified under CWE-189 (Numeric Errors) and CWE-190 (Integer Overflow or Wraparound) (NVD).

The vulnerability has low to medium severity impact across confidentiality, integrity, and availability. While the attack can be initiated remotely, it requires user interaction and has high attack complexity. The potential impact includes buffer overflow conditions that could lead to memory corruption (NVD).

A patch has been released to address the vulnerability. The fix involves additional checks to prevent integer overflow conditions in the writeisviewer function. The patch can be identified by the commit 3984137fc0c44110f1ef876adb008885b05a6e18 in the Mupen64Plus core repository (Github Patch).