Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 43: retroarch Critical Buffer Overflow Issue FEDORA-2025-6e0627440a

fedora
Calendar Grey December 25, 2025
Dist Fedora Esm H88
Critical security update for retroarch on Fedora 43 addresses buffer overflow risks. Install promptly to secure your systems.
Update to 1.22.0

Summary

libretro is an API that exposes generic audio/video/input callbacks. A frontend

for libretro (such as RetroArch) handles video output, audio output, input and

application lifecycle. A libretro core written in portable C or C++ can run

seamlessly on many platforms with very little to no porting effort.

While RetroArch is the reference frontend for libretro, several other projects

have used the libretro interface to include support for emulators and/or game

engines. libretro is completely open and free for anyone to use.

For how to download and install more libretro cores please read included

README.fedora.md file.

Update Information:

Update to 1.22.0

Topics%20covered

Topics Covered

security advisory fedora update critical cross-platform RetroArch

Change Log

* Thu Dec 18 2025 Artem Polishchuk - 1.22.0-1 - Update to 1.22.0 * Thu Nov 6 2025 Dominik 'Rathann' Mierzejewski - 1.19.0-15 - Fixed build with FFmpeg 8 * Wed Oct 15 2025 Dominik 'Rathann' Mierzejewski - 1.19.0-14 - Rebuilt for FFmpeg 8

References


[ 1 ] Bug #2290413 - retroarch-1.22.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2290413 [ 2 ] Bug #2381834 - CVE-2025-53817 retroarch: 7-Zip Null pointer array write [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2381834 [ 3 ] Bug #2381837 - CVE-2025-53816 retroarch: 7-Zip heap buffer overflow [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2381837 [ 4 ] Bug #2387650 - CVE-2025-55188 retroarch: 7-Zip Symbolic Link Extraction Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2387650 [ 5 ] Bug #2389431 - CVE-2025-9136 retroarch: libretro RetroArch file_stream.c filestream_vscanf out-of-bounds [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2389431 [ 6 ] Bug #2415383 - Broken AppStream metadata https://bugzilla.redhat.com/show_bug.cgi?id=2415383 [ 7 ] Bug #2418241 - CVE-2025-11001 retroarch: 7-Zip ZIP File Parsing Directory Traversal Remote Code Executio...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-6e0627440a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: retroarch
Product: Fedora 43
Version: 1.22.0
Release: 1.fc43
URL: https://www.libretro.com/
Summary: Cross-platform, sophisticated frontend for the libretro API.

Topics%20covered

Topics Covered

security advisory fedora update critical cross-platform RetroArch

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here