CVE-2025-14549

HIGH

Eclipse OMR <0.7.0 - Buffer Overflow

Title source: llm

Description

In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL (0x00) characters during the Latin-compatible charset (UTF-8, ISO8859-1, ASCII, etc) to IBM-1047/037 translation sequence. This can cause the output byte array to be truncated, discarding the first NUL byte and all subsequent characters, and thereby exposing a possible buffer over-read problem. This issue is fixed in Eclipse OMR version 0.8.0.

References (1)

[Issue Tracking, Patch] https://github.com/eclipse-omr/omr/pull/8073

Scores

CVSS v3 8.1

EPSS 0.0006

EPSS Percentile 18.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Classification

CWE

CWE-125

Status published

Affected Products (1)

eclipse/omr

Timeline

Published Dec 15, 2025

Tracked Since Feb 18, 2026