CVE-2025-67749

Publication date 15 December 2025

Last updated 15 December 2025

Ubuntu priority

Description

PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory. Because the offset and size is controlled through MG header fields, a specially crafted ELF can read data beyond the bounds of mg_buffer and have it reflected back into emulated memory. This issue is fixed in version 2.5.378.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
pcsx2	25.10 questing	Needs evaluation
	25.04 plucky	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2025-67749
https://github.com/PCSX2/pcsx2/security/advisories/GHSA-69wg-97fx-8j5w
https://github.com/PCSX2/pcsx2/pull/13693
https://github.com/PCSX2/pcsx2/commit/0b73eabd9ac19a5e290e7bee48d15be24e7b7d1b
https://github.com/PCSX2/pcsx2/releases/tag/v2.5.378