Hi ,
Yes before this patches , code is vulnerable. see [1].

[1] https://security-tracker.debian.org/tracker/CVE-2025-54770

I just back port the solution from commit from Debian link given in [1].

please check it.

Regards,
Hitendra