CVE-2025-14957 | WebAssembly Binaryen up to 125 IRBuilder wasm-ir-builder.cpp makeLocalTee Index null pointer dereference (Issue 8090)

A vulnerability labeled as problematic has been found in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dereference.

This vulnerability is uniquely identified as CVE-2025-14957. Local access is required to approach this attack. Moreover, an exploit is present.

Applying a patch is advised to resolve this issue.VulDB Recent EntriesRead More