{"id":"CVE-2025-14957","details":"A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the functions IRBuilder::makeLocalGet, IRBuilder::makeLocalSet and IRBuilder::makeLocalTee in the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Manipulation of the argument Index leads to a null pointer dereference. Local access is required to carry out this attack. The exploit is publicly available and might be used. The patch is identified by commit 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying the patch is advised to resolve this issue.","modified":"2026-04-12T13:53:04.910422Z","published":"2025-12-19T17:15:51.657Z","references":[{"type":"WEB","url":"https://github.com/oneafter/1204/blob/main/af1"},{"type":"WEB","url":"https://github.com/WebAssembly/binaryen/"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.717317"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.717319"},{"type":"ADVISORY","url":"https://vuldb.com/?id.337593"},{"type":"REPORT","url":"https://github.com/WebAssembly/binaryen/pull/8099"},{"type":"REPORT","url":"https://github.com/WebAssembly/binaryen/issues/8090"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.337593"},{"type":"FIX","url":"https://github.com/WebAssembly/binaryen/commit/6fb2b917a79578ab44cf3b900a6da4c27251e0d4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/webassembly/binaryen","events":[{"introduced":"0"},{"last_affected":"6ec7b5f9c615d3b224c67ae221d6812c8f8e1a96"},{"fixed":"6fb2b917a79578ab44cf3b900a6da4c27251e0d4"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"125"}]}}],"versions":["1.36.10","1.36.11","1.36.12","1.36.13","1.36.14","1.36.2","1.36.3","1.36.4","1.36.5","1.36.6","1.36.7","1.36.8","1.36.9","1.37.0","1.37.1","1.37.10","1.37.11","1.37.12","1.37.13","1.37.14","1.37.15","1.37.16","1.37.17","1.37.18","1.37.19","1.37.2","1.37.20","1.37.21","1.37.22","1.37.23","1.37.24","1.37.25","1.37.26","1.37.27","1.37.28","1.37.29","1.37.3","1.37.30","1.37.31","1.37
.32","1.37.33","1.37.34","1.37.35","1.37.36","1.37.37","1.37.39","1.37.4","1.37.40","1.37.5","1.37.6","1.37.7","1.37.8","1.37.9","1.38.0","1.38.1","1.38.10","1.38.11","1.38.12","1.38.13","1.38.14","1.38.15","1.38.16","1.38.17","1.38.18","1.38.19","1.38.2","1.38.20","1.38.21","1.38.22","1.38.23","1.38.24","1.38.25","1.38.26","1.38.27","1.38.28","1.38.29","1.38.3","1.38.30","1.38.31","1.38.32","1.38.4","1.38.47","1.38.48","1.38.5","1.38.6","1.38.7","1.38.8","1.38.9","1.39.1","binary_0xb","rebuild-121","version_1","version_10","version_100","version_101","version_102","version_103","version_104","version_105","version_106","version_107","version_108","version_109","version_11","version_110","version_111","version_112","version_113","version_114","version_115","version_116","version_117","version_118","version_119","version_12","version_120","version_120_b","version_121","version_122","version_123","version_124","version_125","version_13","version_14","version_15","version_16","version_17","version_18","version_19","version_2","version_20","version_21","version_22","version_23","version_24","version_25","version_26","version_27","version_28","version_29","version_3","version_30","version_31","version_32","version_33","version_34","version_35","version_36","version_37","version_38","version_39","version_4","version_40","version_41","version_42","version_43","version_44","version_45","version_46","version_47","version_48","version_49","version_5","version_50","version_51","version_52","version_53","version_54","version_55","version_56","version_57","version_58","version_59","version_6","version_60","version_61","version_62","version_63","version_64","version_65","version_66","version_67","version_68","version_69","version_7","version_70","version_71","version_72","version_73","version_74","version_75","version_76","version_77","version_78","version_79","version_8","version_80","version_81","version_82","version_83","version_84","version_85","version_86","version_87","vers
ion_88","version_89","version_9","version_90","version_91","version_92","version_93","version_94","version_95","version_96","version_97","version_98","version_99"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_type":"Function","digest":{"length":231,"function_hash":"37150401213921437638495408923897731541"},"target":{"file":"src/wasm/wasm-ir-builder.cpp","function":"IRBuilder::makeLocalGet"},"signature_version":"v1","source":"https://github.com/webassembly/binaryen/commit/6fb2b917a79578ab44cf3b900a6da4c27251e0d4","id":"CVE-2025-14957-05b5addf"},{"deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["65441754353024101277539308434159489327","207873389646354154682199852490523773173","219349994740340068868696286143452017109","166706870223361901880824879789026356755","232751961893424969708494111437530940202","141402255153278176322461148032485203893","74260984435590539904607112954906817945","66222039135351211860914597854891841928","209497641050048235992456462459555589116","318822604100098903653366680634304782248","302096927631525680812671872706320625246","66222039135351211860914597854891841928"]},"target":{"file":"src/wasm/wasm-ir-builder.cpp"},"signature_version":"v1","source":"https://github.com/webassembly/binaryen/commit/6fb2b917a79578ab44cf3b900a6da4c27251e0d4","id":"CVE-2025-14957-9724968f"},{"deprecated":false,"signature_type":"Function","digest":{"length":280,"function_hash":"289982815675862881458904321668324794935"},"target":{"file":"src/wasm/wasm-ir-builder.cpp","function":"IRBuilder::makeLocalSet"},"signature_version":"v1","source":"https://github.com/webassembly/binaryen/commit/6fb2b917a79578ab44cf3b900a6da4c27251e0d4","id":"CVE-2025-14957-9efbc9e0"},{"deprecated":false,"signature_type":"Function","digest":{"length":313,"function_hash":"282749212566432830466598371267514264991"},"target":{"file":"src/wasm/wasm-ir-builder.cpp","function":"IRBuilder::makeLocalTee"},"signature_version":"v1","source":"https://g
ithub.com/webassembly/binaryen/commit/6fb2b917a79578ab44cf3b900a6da4c27251e0d4","id":"CVE-2025-14957-f6e01615"}],"vanir_signatures_modified":"2026-04-12T13:53:04Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14957.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}