CVE-2025-65834 · CRITICAL 9.8 · EPSS p25.6%


Description

Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory access violation occurs when processing MLT project files with manipulated width and height parameters. By setting these values to extremely large numbers, the application attempts to allocate excessive memory during image processing, triggering a buffer overflow in the mlt_image_fill_white function.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.34% probability of exploitation · percentile 25.6% · 2026-06-19T12:03:05Z
Published: 2025-12-16
Last modified: 2026-01-07

Underlying weaknesses · 1

CWE-120

References

  1. https://bytescan.net/CVE/cve-2025-65834.html
  2. https://sourceforge.net/projects/shotcut/files/v25.10.31/shotcut-macos-25.10.31.dmg/download

Type | Target | Confidence | Tier
Weakness | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') cwe-120 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-45624
  2. CVE-2026-25897
  3. CVE-2026-25968
  4. CVE-2026-53465
  5. CVE-2025-57803
  6. CVE-2025-32460

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.