Buffer Overflow

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. Part of a family of 15+ critical buffer overflows in this router.

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. Part of a family of 15+ critical buffer overflows in this router.

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvFirewall. Part of a family of 15+ critical buffer overflows in this router.

Local privilege escalation in Linux kernel f2fs sysfs attributes allows unprivileged users to trigger out-of-bounds memory access and cause denial of service by writing oversized integer values to filesystem control interfaces. The vulnerability stems from improper bounds checking when mapping sysfs attributes to kernel structures of varying integer sizes, enabling attackers to corrupt kernel memory and crash the system. No patch is currently available for this vulnerability.

F2FS swapfile memory corruption in Linux kernel 6.6+ allows local attackers with user privileges to cause data corruption through improper physical block mapping when using fragmented swapfiles smaller than the F2FS section size. Public exploit code exists for this vulnerability, and attackers can trigger dm-verity corruption errors or F2FS node corruption leading to system crashes and data loss. No patch is currently available.

Authenticated users can trigger a stack-based buffer overflow in SonicOS certificate handling to cause denial of service against Sonicos firewalls. The vulnerability requires administrative privileges to exploit and results in firewall crashes rather than code execution. No patch is currently available.

Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. [CVSS 5.4 MEDIUM]

Buffer overflow in OpenEXR's CompositeDeepScanLine::readPixels function allows local attackers to achieve code execution by crafting malicious EXR files that trigger integer wraparound in sample count calculations, resulting in undersized memory allocation followed by heap buffer overrun during decompression. Public exploit code exists for this vulnerability, and patches are available in versions 3.2.6, 3.3.8, and 3.4.6. Organizations using OpenEXR for image processing should prioritize updating to patched versions immediately.

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51. Part of a family of 15+ critical buffer overflows in this router.

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. Part of a family of 15+ critical buffer overflows in this router.

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS. Part of a family of 15+ critical buffer overflows in this router.

Heap buffer overflow in dr_libs 0.14.4 and earlier allows attackers to corrupt memory by supplying maliciously crafted WAV files to any application using drwav_init_*_with_metadata() functions. The vulnerability exploits inconsistent validation of sample loop counts between processing passes, enabling 36 bytes of attacker-controlled data to overflow heap allocations. Public exploit code exists for this vulnerability.

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5. Part of a family of 15+ critical buffer overflows in this router.

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr. Part of a family of 15+ critical buffer overflows in this router.

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter. Part of a family of 15+ critical buffer overflows in this router.

Buffer overflow in Tenda AC15V1.0 via formSetMacFilterCfg. PoC available.

Heap overflow in libbiosig 3.9.2 Intan CLP parsing. PoC available.

Arbitrary code execution in libbiosig 3.9.2 and Master Branch can be triggered by parsing malicious Nicolet WFT files through a heap buffer overflow in the WFT parsing functionality. An attacker can exploit this vulnerability by supplying a crafted .wft file to execute arbitrary code on affected systems. Public exploit code exists for this vulnerability, though no patch is currently available.

An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. [CVSS 6.1 MEDIUM]

WatchGuard Fireware OS contains an out-of-bounds write vulnerability in its management interface that permits authenticated administrators to achieve root-level code execution. The flaw affects versions 11.9 through 11.12.4_Update1, 12.0 through 12.11.7, and 2025.1 through 2026.1.1, with no patch currently available. While exploitation requires high-level administrative privileges, successful attacks grant complete system compromise.

A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. [CVSS 3.3 LOW]

A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the file /agents/deploy/initiate.c of the component Agent Deployment. [CVSS 8.8 HIGH]

Out-of-bounds read in Exiv2's CRW image parser allows remote attackers to cause denial of service and potentially disclose sensitive memory contents through crafted image files. Versions prior to 0.28.8 are affected, and public exploit code exists for this vulnerability. A patch is available that administrators should deploy immediately to prevent exploitation.

Android has a heap buffer overflow in multiple locations enabling privilege escalation through out-of-bounds read and write operations.

Tenda W20E has a ninth buffer overflow in yet another CGI endpoint.

Tenda W20E has an eighth buffer overflow in addDhcpRules parameter.

Tenda W20E has a seventh buffer overflow in gstup parameter handling.

Tenda W20E has a sixth buffer overflow in pPortMapIndex parameter validation.

Tenda W20E has a fifth buffer overflow.

Tenda W20E has a fourth buffer overflow vulnerability.

Tenda W20E has a third buffer overflow in a different CGI parameter.

Tenda W20E has a buffer overflow — second of eight critical vulnerabilities in this router firmware.

A vulnerability was determined in YosysHQ yosy versions up to 0.62. is affected by buffer overflow (CVSS 3.3).

Remote code execution in Tenda AC15 firmware versions up to 15.13.07.13 via a stack-based buffer overflow in the /goform/TextEditingConversion endpoint allows unauthenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, creating immediate risk for deployed devices. An attacker can exploit this remotely with minimal complexity by manipulating the wpapsk_crypto2_4g parameter.

Remote code execution in Tenda F453 firmware versions 1.0.0.3 and earlier results from a buffer overflow in the httpd component's DHCP configuration handler. An authenticated attacker can exploit this vulnerability over the network to achieve complete system compromise, and public exploit code is currently available.

Buffer overflow in Tenda F453 firmware versions 1.0.0.3 allows authenticated remote attackers to achieve full system compromise through malicious wanmode or PPPOEPassword parameters sent to the httpd service. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker can exploit this to execute arbitrary code with complete control over confidentiality, integrity, and availability of affected devices.

A security vulnerability has been detected in jarikomppa soloud versions up to 20200207. is affected by buffer overflow (CVSS 3.3).

A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file src/lily_emitter.c. [CVSS 3.3 LOW]

A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patch_line_end of the file src/lily_build_error.c of the component Error Reporting. [CVSS 3.3 LOW]

A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wren_compiler.c. [CVSS 3.3 LOW]

Remote code execution in Tenda F453 Firmware 1.0.0.3 allows authenticated attackers to execute arbitrary code via a buffer overflow in the L7Im web interface parameter handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can achieve complete system compromise including data theft, modification, and service disruption.

Remote code execution in Tenda F453 1.0.0.3 DNS firmware via a buffer overflow in the /goform/SetIpBind endpoint allows authenticated attackers to achieve full system compromise. The vulnerability stems from improper input validation of the page parameter and has public exploit code available. An attacker with network access and valid credentials can execute arbitrary code with complete system privileges.

Remote code execution in Tenda F453 Firmware 1.0.0.3 allows authenticated attackers to achieve complete system compromise through a buffer overflow in the QoS settings parameter. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

Buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve complete system compromise through manipulation of the SafeUrlFilter page parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges.

Remote code execution in Tenda F453 firmware (v1.0.0.3) via a buffer overflow in the SafeMacFilter function allows authenticated attackers to execute arbitrary code with full system privileges. The vulnerability stems from insufficient input validation on the page parameter in the /goform/SafeMacFilter endpoint and can be exploited remotely over the network. Public exploit code exists and no patch is currently available.

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. [CVSS 2.2 LOW]

Vim versions prior to 9.2.0076 contain a heap buffer overflow and out-of-bounds read vulnerability in the terminal emulator when handling Unicode combining characters from supplementary planes, allowing a local attacker with user interaction to cause memory corruption and denial of service. The vulnerability requires local access and user interaction to trigger, with no confidentiality impact but potential integrity and availability consequences. A patch is available in version 9.2.0076 and later.

Vim versions prior to 9.2.0074 contain a heap buffer overflow in the Emacs-style tags file parser that allows reading up to 7 bytes of out-of-bounds memory when processing malformed tags files. A local attacker can trigger this vulnerability through a crafted tags file to leak sensitive information from the application's memory. The vulnerability has been patched in version 9.2.0074 and later.

Remote code execution in OCaml versions before 4.14.3 and 5.x before 5.4.1 allows unauthenticated attackers to execute arbitrary code by supplying malicious serialized data that exploits insufficient bounds checking in the Marshal deserialization function. The vulnerability stems from unbounded memory copy operations in the readblock() function that processes attacker-controlled length values, enabling a multi-stage exploitation chain. No patch is currently available for affected systems.

A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scan_string of the file src/be_lexer.c. [CVSS 3.3 LOW]

A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_build of the file libvips/conversion/extract.c. [CVSS 3.3 LOW]

A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_build of the file libvips/conversion/unpremultiply.c. [CVSS 3.3 LOW]

Heap-based buffer overflow in libvips 8.19.0's vips_bandrank_build function can be triggered by manipulating the index argument, allowing local attackers with user privileges to corrupt heap memory and potentially achieve code execution. Public exploit code exists for this vulnerability, and a patch is available to address the issue.

Remote code execution in Tenda F453 firmware allows authenticated attackers to achieve complete system compromise through a buffer overflow in the httpd address NAT function. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

Remote code execution in Tenda F453 firmware through a buffer overflow in the L7Prot HTTP handler allows unauthenticated attackers to achieve full system compromise via a malicious page parameter. Public exploit code exists for this vulnerability, increasing the risk of widespread attacks. No patch is currently available, leaving affected devices vulnerable until firmware updates are released.

Stack-based buffer overflow in ThinkWise by SimTech Systems allows unauthenticated remote code execution via crafted network input.

Unauthenticated attackers can exploit a stack buffer overflow in XWEB Pro firmware (versions 1.12.1 and earlier) through an unprotected API endpoint to corrupt memory and crash the affected device. This vulnerability impacts Xweb 500b Pro, 300d Pro, and 500d Pro models, causing denial of service with no authentication required. No patch is currently available for this issue.

Remote code execution in Tenda F453 firmware version 1.0.0.3 allows authenticated attackers to execute arbitrary code via a buffer overflow in the wireless security settings endpoint. The vulnerability exists in the httpd component's formWrlsafeset function and can be triggered through manipulation of the mit_ssid_index parameter. Public exploit code is available and no patch has been released.

Unauthenticated remote attackers can execute arbitrary code on Tenda F453 devices running firmware 1.0.0.3 by exploiting a stack buffer overflow in the DHCP list client function through the httpd service. Public exploit code exists for this vulnerability and no patch is currently available. The attack requires network access but no user interaction, making it trivial to exploit.

Remote code execution in Tenda F453 firmware through a buffer overflow in the P2pListFilter HTTP handler allows authenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, creating immediate risk for deployed devices. No patch is currently available, leaving affected systems vulnerable to exploitation.

Heap buffer overflow in Crypt::SysRandom::XS before version 0.010 allows denial of service through negative length parameter validation bypass in the random_bytes() function. When negative values are passed to the function, integer wraparound causes incorrect memory allocation and unbounded writes to heap memory, triggering application crashes. Exploitation requires attacker control over the length argument, which in typical usage is hardcoded, limiting practical attack scenarios.

Golioth Pouch versions prior to commit 1b2219a1 suffer from a heap buffer overflow in BLE GATT server certificate handling that fails to validate fragment sizes during assembly, allowing unauthenticated adjacent attackers to trigger memory corruption and denial of service. An attacker can send maliciously sized certificate fragments that exceed the allocated buffer capacity, causing heap overflow conditions that crash the application and potentially corrupt adjacent memory structures. No patch is currently available for this vulnerability.

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The golioth_payload_as_int() and golioth_payload_as_float() helpers copy network-supplied payload data into fixed-size stack buffers using memcpy() with a length derived from payload_size. The only length checks are guarded by assert(); in release builds, the asserts are compiled out and memcpy() may copy an unbounded payload_size. Payloads larger than 12 bytes...

Stack buffer overflow in GPAC's NHML file parser (versions up to 26.02.0) allows local attackers to achieve code execution by crafting malicious XML files with oversized xmlHeaderEnd attributes that bypass length validation. The vulnerability stems from unsafe use of strcpy() in src/filters/dmx_nhml.c and affects systems processing untrusted NHML files. Public exploit code exists for this vulnerability, though a patch is available.

Heap buffer over-read in ImageMagick and Magick.NET's DJVU image handler allows local attackers to read out-of-bounds memory through integer truncation in stride calculations. An attacker can trigger this vulnerability by supplying a malicious DJVU file, potentially leading to information disclosure or application crashes. Updates are available for ImageMagick versions 7.1.2-15, 6.9.13-40 and later.

Magick.NET and ImageMagick versions before 7.1.2-15 and 6.9.13-40 are vulnerable to heap buffer over-read when processing low-resolution images with the wavelet-denoise filter, allowing local attackers to read sensitive memory. This out-of-bounds read could expose confidential information from adjacent heap memory with no possibility of code execution or denial of service. A patch is available for affected users.

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 versions up to 0.8.1 is affected by integer underflow (CVSS 8.1).

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 8.8 HIGH]

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 8.8 HIGH]

FreeRDP versions prior to 3.23.0 are vulnerable to a buffer overread in icon data processing that allows denial of service when clients receive crafted RDP Window Icon data from a server or network attacker. An unauthenticated remote attacker can exploit this vulnerability to crash the FreeRDP client by sending malicious icon structures during the RDP connection. A patch is available in version 3.23.0 and later.

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Buffer overflow in Tenda F453 firmware httpd SafeEmailFilter function allows authenticated remote attackers to achieve complete system compromise through manipulation of the page parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges (read, write, execute).

Unauthenticated attackers can exploit a buffer overflow in the Tenda F453 firmware's NatStaticSetting endpoint to achieve remote code execution by manipulating the page parameter. Public exploit code is available and actively being leveraged in the wild. No patch is currently available, leaving affected devices vulnerable.

Unauthenticated attackers can trigger a buffer overflow in the Tenda F453 firmware via the webSiteId parameter in the /goform/webtypelibrary endpoint, enabling remote code execution with full system compromise. Public exploit code is available and actively deployed against affected devices. No patch has been released.

Remote code execution in Tenda F453 firmware version 1.0.0.3 exists through a buffer overflow in the httpd component's RouteStatic function when processing the page parameter. An unauthenticated attacker on the network can exploit this vulnerability to execute arbitrary code with full system privileges. Public exploit code is available and no patch is currently available.

Remote code execution in Tenda F453 firmware 1.0.0.3 through buffer overflow in the WiFi configuration handler allows authenticated attackers to execute arbitrary code with full system privileges. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the httpd component's wireless settings function and can be exploited over the network by any authenticated user.

Libvips up to version 8.18.0 contains a heap buffer overflow in the CSV parsing function that allows local attackers with user-level privileges to corrupt memory and potentially execute arbitrary code. Public exploit code is available for this vulnerability, and a patch has been released to address the issue.

Stack-based buffer overflow in CodeAstro Food Ordering System 1.0 allows local attackers with user privileges to corrupt memory and potentially execute arbitrary code, with public exploit code currently available. The vulnerability affects food_ordering.exe through an undocumented function and requires local access to exploit. No patch is currently available for affected systems.

SonicOS management interface suffers from stack-based buffer overflow flaws in an API endpoint that allow authenticated administrators to trigger denial of service conditions through improper input validation. The vulnerability affects Stack Overflow and Sonicos products but currently lacks an available patch, leaving deployed systems exposed to authenticated attack vectors with no mitigation path.

Invalid pointer in Firefox DOM Core & HTML before 148. Incorrect pointer computation leads to memory access errors.

JIT miscompilation in Firefox WebAssembly before 148. The JIT compiler generates incorrect Wasm code, enabling type confusion. PoC available.

Boundary error in Firefox Audio/Video GMP (Gecko Media Plugins) component before 148. Media plugin processing triggers memory corruption.

Invalid pointer in Firefox JavaScript Engine before 148. Incorrect pointer computation leads to memory corruption.

Integer overflow in Firefox NSS (Network Security Services) Libraries component before 148. Overflow in the cryptographic library could affect TLS and certificate operations.

Boundary error in Firefox Networking JAR component before 148. Processing JAR (Java Archive) content triggers memory corruption.

Sandbox escape via DOM Core & HTML component in Firefox before 148. CVSS 10.0 — fifth sandbox escape in this release.

Sandbox escape via Telemetry component in Firefox external software before 148. CVSS 10.0 — fourth sandbox escape in this release, through the telemetry subsystem.

Boundary error in Firefox Web Audio component before 148. Crafted audio processing triggers memory corruption.

Undefined behavior in Firefox DOM Core & HTML component before 148. Can lead to memory corruption and potential code execution.

OpenEXR versions 3.3.0-3.3.6 and 3.4.0-3.4.4 are vulnerable to a heap buffer overflow in file parsing due to improper integer handling when processing malformed EXR files, allowing attackers to trigger a denial of service through memory-mapped streams. Public exploit code exists for this vulnerability. Patched versions 3.3.7 and 3.4.5 are available.