Meltytech Shotcut
cpe:2.3:a:meltytech:shotcut:*:*:*:*:*:*:*
- 25.10.31
A buffer overflow vulnerability has been identified in Meltytech Shotcut version 25.10.31. This issue arises in the MLT Framework's image processing component when the application processes project files with manipulated width and height parameters. Setting these values to extremely large numbers causes the application to attempt to allocate excessive memory for image processing, leading to a memory access violation in the 'mlt_image_fill_white' function.
Exploitation of this vulnerability causes a memory access violation, leading to application crashes. This denial-of-service impact disrupts user productivity and could cause loss of unsaved work, or data corruption if a crash occurs during a save operation. It also creates a potential social engineering risk, since a malicious project file can be disguised as a legitimate one.
To reproduce this vulnerability, open a manipulated MLT project file in Shotcut 25.10.31. The file must contain extreme width and height parameters that exceed normal limits. When the project is loaded, the application will attempt to process the image data, leading to a buffer overflow and causing the application to crash.
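A pre-open check for project files received from untrusted sources, as an added example that is not part of the original advisory or of the Shotcut/MLT code base. It flags width and height values in an MLT XML file that fall outside assumed limits; the limits, the `audit_project` helper and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

MAX_DIM = 32768            # assumed per-axis ceiling; tune to your workflow
MAX_FRAME_BYTES = 1 << 30  # assumed budget for one 4-byte-per-pixel frame

# Constructed samples, not taken from a real malicious file.
BENIGN = '<mlt><profile width="1920" height="1080"/></mlt>'
MANIPULATED = '<mlt><profile width="999999999" height="999999999"/></mlt>'

def _parse_dim(raw):
    """Return the value as int, or None when it is not a plain integer."""
    try:
        return int(raw.strip())
    except (ValueError, AttributeError):
        return None

def audit_project(xml_text):
    """Return findings for suspicious dimensions; empty list means clean."""
    # The stdlib parser does not fetch external entities; for hostile input
    # in production, a hardened parser such as defusedxml is preferable.
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter():
        dims = {a: el.attrib[a] for a in ("width", "height") if a in el.attrib}
        # Also cover <property name="...width">N</property> style values.
        prop_axis = el.attrib.get("name", "").rsplit(".", 1)[-1]
        if el.tag == "property" and prop_axis in ("width", "height"):
            dims[prop_axis] = el.text
        parsed = {}
        for axis, raw in dims.items():
            value = _parse_dim(raw)
            if value is None:
                findings.append(f"<{el.tag}> {axis}: not an integer ({raw!r})")
            elif not 0 < value <= MAX_DIM:
                findings.append(f"<{el.tag}> {axis}={value} outside 1..{MAX_DIM}")
            else:
                parsed[axis] = value
        # Each axis can pass alone while the product is still too large.
        if len(parsed) == 2 and parsed["width"] * parsed["height"] * 4 > MAX_FRAME_BYTES:
            findings.append(f"<{el.tag}> frame exceeds {MAX_FRAME_BYTES} bytes")
    return findings
```

The check is a heuristic for triage: a non-empty result means the file should be inspected in a text editor before it is opened in the editor application.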