{"url":"http://public2.vulnerablecode.io/api/packages/98812?format=json","purl":"pkg:deb/debian/pcsx2@1.6.0%2Bdfsg-1?distro=trixie","type":"deb","namespace":"debian","name":"pcsx2","version":"1.6.0+dfsg-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.0+dfsg-1","latest_non_vulnerable_version":"2.6.3+dfsg-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98132?format=json","vulnerability_id":"VCID-jfsm-kzbr-yfav","summary":"PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49589","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49589"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107756","reference_id":"1107756","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107756"},{"reference_url":"https://github.com/PCSX2/pcsx2/pull/12823","reference_id":"12823","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T14:06:48Z/"}],"url":"https://github.com/PCSX2/pcsx2/pull/12823"},{"reference_url":"https://github.com/PCSX2/pcsx2/pull/12826","reference_id":"12826","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T14:06:48Z/"}],"url":"https://github.com/PCSX2/pcsx2/pull/12826"},{"reference_url":"https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35","reference_id":"GHSA-f494-4xf7-xj35","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T14:06:48Z/"}],"url":"https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98816?format=json","purl":"pkg:deb/debian/pcsx2@1.6.0%2Bdfsg-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-waaa-8hxm-g3aa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcsx2@1.6.0%252Bdfsg-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98815?format=json","purl":"pkg:deb/debian/pcsx2@2.4.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcsx2@2.4.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98814?format=json","purl":"pkg:deb/debian/pcsx2@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcsx2@2.6.3%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2025-49589"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jfsm-kzbr-yfav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109120?format=json","vulnerability_id":"VCID-waaa-8hxm-g3aa","summary":"PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory. Because the offset and size is controlled through MG header fields, a specially crafted ELF can read data beyond the bounds of mg_buffer and have it reflected back into emulated memory. This issue is fixed in version 2.5.378.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67749"},{"reference_url":"https://github.com/PCSX2/pcsx2/commit/0b73eabd9ac19a5e290e7bee48d15be24e7b7d1b","reference_id":"0b73eabd9ac19a5e290e7bee48d15be24e7b7d1b","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T14:59:05Z/"}],"url":"https://github.com/PCSX2/pcsx2/commit/0b73eabd9ac19a5e290e7bee48d15be24e7b7d1b"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122861","reference_id":"1122861","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122861"},{"reference_url":"https://github.com/PCSX2/pcsx2/security/advisories/GHSA-69wg-97fx-8j5w","reference_id":"GHSA-69wg-97fx-8j5w","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T14:59:05Z/"}],"url":"https://github.com/PCSX2/pcsx2/security/advisories/GHSA-69wg-97fx-8j5w"},{"reference_url":"https://github.com/PCSX2/pcsx2/releases/tag/v2.5.378","reference_id":"v2.5.378","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T14:59:05Z/"}],"url":"https://github.com/PCSX2/pcsx2/releases/tag/v2.5.378"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98815?format=json","purl":"pkg:deb/debian/pcsx2@2.4.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcsx2@2.4.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98814?format=json","purl":"pkg:deb/debian/pcsx2@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcsx2@2.6.3%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2025-67749"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-waaa-8hxm-g3aa"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcsx2@1.6.0%252Bdfsg-1%3Fdistro=trixie"}