CVE-2025-62672

Name: CVE-2025-62672
Description: rplay through 3.3.2 allows attackers to cause a denial of service (SIGSEGV and daemon crash) or possibly have unspecified other impact. This occurs in memcpy in the RPLAY_DATA case in rplay_unpack in librplay/rplay.c, potentially reachable via packet data with no authentication.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1118224

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release | Version | Status
rplay (PTS) | bookworm, bullseye | 3.3.2-18 | vulnerable
rplay (PTS) | trixie | 3.3.2-20 | vulnerable
rplay (PTS) | forky, sid | 3.3.2-21 | vulnerable

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
rplay | source | (unstable) | (unfixed) | | | 1118224

Notes

https://www.openwall.com/lists/oss-security/2025/10/17/3
https://www.openwall.com/lists/oss-security/2025/10/18/4
