Security tracker / CVE-2025-40082

CVE-2025-40082

hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 94458781aee6 ("hfsplus: fix slab-out-of-bounds read in
 carnil> hfsplus_uni2asc()"). Vulnerable versions: 5.4.297 5.10.241 5.15.190 6.1.149
 carnil> 6.6.103 6.12.43 6.15.11 6.16.2 6.17.

Bugs

Status

Branch	Status
upstream	released (6.18-rc1) [bea3e1d4467bcf292c8e54f080353d556d355e26]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	released (6.17.3) [857aefc70d4ae3b9bf1ae67434d27d0f79f80c9e]
6.12-upstream-stable	needed
6.6-upstream-stable	needed
6.1-upstream-stable	needed
5.10-upstream-stable	needed
sid	released (6.17.6-1)
6.12-trixie-security	needed
6.1-bookworm-security	needed
5.10-bullseye-security	needed