Security Vulnerability - Private Disclosure Request
@ddennedy
I have discovered a security vulnerability in Shotcut 25.10.31 and need to coordinate private disclosure.
CVE Information:
- CVE ID: CVE-2025-65834 (assigned by MITRE on December 4, 2025)
- Type: Buffer Overflow
- Component: MLT Framework image processing
- Severity: Denial of Service
Request:
Since this repository does not have private security advisories enabled, I need a secure communication channel. Could you please provide:
- A direct email address for security reports, OR
- Enable private security advisories on this repo, OR
- Your preferred method for coordinating disclosure
Commitment:
I am following responsible disclosure practices and will NOT post:
- Technical details
- Proof of concept code
- Reproduction steps
- Any information that could enable exploitation
...until we have coordinated a disclosure timeline together.
Proposed Timeline:
- Standard 90-day disclosure window from today, OR
- Earlier coordinated disclosure upon patch release
Contact Information:
I'm happy to work with your timeline and provide any technical details you need privately.
Thank you,
Mo