Total
2558 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29069 | 2025-04-04 | 7.3 High | ||
| A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations. NOTE: this is disputed by the Supplier because the finding identified a bug in a third-party calling program, not in lcms. | ||||
| CVE-2024-0145 | 2025-04-04 | 6.8 Medium | ||
| NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a heap-based buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering. | ||||
| CVE-2022-1891 | 1 Lenovo | 12 Thinkbook 14-iil, Thinkbook 14-iil Firmware, Thinkbook 14-iml and 9 more | 2025-04-03 | 6.7 Medium |
| A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. | ||||
| CVE-2024-27209 | 1 Google | 1 Android | 2025-04-03 | 8.4 High |
| there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2022-40655 | 1 Nikon | 1 Nis-elements Viewer | 2025-04-03 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ND2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15071. | ||||
| CVE-2025-1943 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 8.2 High |
| Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Thunderbird < 136. | ||||
| CVE-2006-4192 | 2 Modplug, Redhat | 2 Tracker, Enterprise Linux | 2025-04-03 | N/A |
| Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files. | ||||
| CVE-2022-1892 | 1 Lenovo | 140 100e 2nd Gen, 100e 2nd Gen Firmware, 100w Gen 3 and 137 more | 2025-04-02 | 6.7 Medium |
| A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. | ||||
| CVE-2023-0433 | 1 Vim | 1 Vim | 2025-04-02 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. | ||||
| CVE-2025-31164 | 2025-04-01 | 6.6 Medium | ||
| heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline. | ||||
| CVE-2022-1890 | 1 Lenovo | 12 Thinkbook 14-iil, Thinkbook 14-iil Firmware, Thinkbook 14-iml and 9 more | 2025-04-01 | 6.7 Medium |
| A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. | ||||
| CVE-2025-24439 | 1 Adobe | 1 Substance 3d Sampler | 2025-04-01 | 7.8 High |
| Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-24443 | 1 Adobe | 1 Substance 3d Sampler | 2025-04-01 | 7.8 High |
| Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-42405 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-03-31 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18367. | ||||
| CVE-2024-55627 | 1 Oisf | 1 Suricata | 2025-03-31 | 5.9 Medium |
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8. | ||||
| CVE-2024-28572 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | 6.2 Medium |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format. | ||||
| CVE-2022-42403 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-03-27 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18892. | ||||
| CVE-2022-34400 | 1 Dell | 166 Alienware M15 R6, Alienware M15 R6 Firmware, Alienware M15 R7 and 163 more | 2025-03-27 | 7.1 High |
| Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM. | ||||
| CVE-2022-45491 | 1 Json.h Project | 1 Json.h | 2025-03-26 | 7.8 High |
| Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. | ||||
| CVE-2025-2618 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2025-03-26 | 9.8 Critical |
| A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||