Buffer Overflow
Stack-based buffer overflow in libfastcommon's base64_decode function allows local attackers with user-level privileges to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability affecting libfastcommon versions up to 1.0.84. A patch is available and should be applied immediately to mitigate the risk.
Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.8 MEDIUM]
Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]
Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 7.3 HIGH]
Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.9 MEDIUM]
Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 4.8 MEDIUM]
Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.0 MEDIUM]
Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 6.2 MEDIUM]
10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. [CVSS 8.4 HIGH]
Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. [CVSS 5.5 MEDIUM]
Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. [CVSS 8.4 HIGH]
Buffer overflow in 10-Strike Network Inventory Explorer 9.03 file import functionality allows attackers to execute arbitrary code via crafted import files. PoC available.
Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. [CVSS 6.2 MEDIUM]
Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. [CVSS 5.5 MEDIUM]
Buffer overflow in B64dec 1.1.2 base64 decoder allows attackers to execute arbitrary code by overwriting structured exception handler pointers. PoC available.
CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. [CVSS 5.5 MEDIUM]
Buffer overflow in Rubo DICOM Viewer 2.0 through the DICOM server name input field allows attackers to execute arbitrary code. PoC available.
Stack-based buffer overflow in Nsauditor Network Auditing Tool 3.0.28 and 3.2.1.0 in the DNS Lookup tool allows attackers to execute arbitrary code via crafted input. PoC available.
Out-of-bounds memory read in iccDEV versions prior to 2.3.1.3 allows local attackers to disclose sensitive memory contents or trigger application crashes by crafting malformed ICC color profiles that bypass array bounds validation. The vulnerability exists in IccCmm.cpp during profile index processing and has public exploit code available. Update to version 2.3.1.3 or later to remediate.
Heap buffer overflow in iccDEV versions prior to 2.3.1.3 allows local attackers to achieve code execution with high privileges by crafting malformed ICC color profile files that trigger unsafe memory operations during file parsing. Public exploit code exists for this vulnerability. All users of iccDEV should upgrade to version 2.3.1.3 or later immediately.
Heap buffer overflow in iccDEV versions prior to 2.3.1.3 allows local attackers with user interaction to read sensitive memory and potentially execute code by supplying malformed XML files to the iccFromXml tool during ICC profile conversion. Public exploit code exists for this vulnerability. A patch is available in version 2.3.1.3 and later.
jsonwebtoken prior to version 10.3.0 allows attackers to bypass JWT time-based validation checks through type confusion when standard claims like nbf or exp are provided with incorrect JSON types. The library incorrectly treats malformed claims as absent rather than invalid, enabling bypass of critical security restrictions if validation is enabled but the claim is not explicitly marked as required. Public exploit code exists for this vulnerability.
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. [CVSS 7.3 HIGH]
Autodesk 3ds Max is vulnerable to arbitrary code execution when processing maliciously crafted GIF files due to a stack-based buffer overflow (CVE-2026-0536, CVSS 7.8). Local attackers can exploit this vulnerability by tricking users into opening a malicious GIF file to execute code with the privileges of the 3ds Max process. No patch is currently available.
The Linux kernel bonding driver fails to validate device types before enabling 802.3AD mode, allowing local privileged attackers to trigger out-of-bounds memory reads via malformed hardware address operations. This vulnerability affects systems running vulnerable Linux kernel versions and could lead to denial of service or information disclosure. No patch is currently available for this high-severity vulnerability.
Local stack buffer overflow in the Linux kernel's AD3552R DAC driver allows a local authenticated attacker to write beyond allocated buffer boundaries through improper bounds checking in the ad3552r_hs_write_data_source function. An attacker with local access can trigger out-of-bounds writes on the stack, potentially leading to privilege escalation or denial of service. No patch is currently available for this vulnerability.
A buffer overflow in the Linux kernel's ALSA scarlett2 USB driver allows local attackers with user privileges to corrupt memory and potentially execute code by triggering improper endianness conversion during audio device configuration retrieval. The vulnerability stems from incorrect size validation that causes the function to access more bytes than allocated when processing multiple configuration elements. No patch is currently available for this vulnerability affecting Linux systems with Scarlett audio interfaces.
Out-of-bounds array access in the Linux kernel's ctxfi audio mixer driver allows local attackers with user privileges to read sensitive memory or cause denial of service through improper loop index initialization in the amixer_index() and sum_index() functions. The vulnerability stems from uninitialized conf field handling that enables array bounds bypass with no user interaction required. No patch is currently available for this high-severity issue affecting all Linux distributions.
The RSI911x WiFi driver in the Linux kernel fails to allocate sufficient memory for virtual interface driver data, causing out-of-bounds writes to the ieee80211_vif structure and memory corruption. A local attacker with low privileges can exploit this to corrupt kernel memory and potentially execute arbitrary code. No patch is currently available.
The Linux kernel's ARM IOMMU page table unmapping function returns a signedness-corrupted value when encountering unmapped memory, causing IOVA address overflow that triggers a kernel panic. Local attackers with sufficient privileges can exploit this to cause a denial of service by attempting to unmap invalid IOMMU pages. A patch is not yet available for this medium-severity vulnerability.
Arbitrary code execution in Autodesk 3ds Max via malicious GIF file parsing exploits a stack-based buffer overflow vulnerability, allowing local attackers to execute code with the privileges of the application. The vulnerability requires user interaction to open a crafted GIF file and currently has no available patch. This affects 3ds Max users who may unknowingly process untrusted image files.
Malicious USD files trigger an out-of-bounds write vulnerability in Autodesk Arnold and 3ds Max, enabling arbitrary code execution within the affected application when a user loads or imports the crafted file. Local attackers with user interaction can exploit this to gain full system compromise with the privileges of the running process. No patch is currently available.
Arbitrary code execution in Autodesk 3ds Max occurs when processing specially crafted GIF files due to an out-of-bounds write flaw. Attackers can exploit this vulnerability locally to execute malicious code with the privileges of the application user. No patch is currently available for affected systems.
In the Linux kernel, the following vulnerability has been resolved: w1: therm: Fix off-by-one buffer overflow in alarms_store. The sysfs buffer passed to alarms_store() is allocated with 'size + 1' bytes and a NUL terminator is appended.
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc.
LanSend 3.2 has a buffer overflow in the Add Computers Wizard file import enabling code execution through crafted computer list files.
Remote Desktop Audit 2.3.0.157 has a buffer overflow enabling code execution through crafted RDP scan responses.
CloudMe 1.11.2 cloud sync application has a buffer overflow enabling remote code execution through the network sync protocol.
Konica Minolta FTP Utility 1.0 has a second buffer overflow in the NLST command, providing an additional RCE vector alongside the LIST vulnerability.
Konica Minolta FTP Utility 1.0 has a buffer overflow in the LIST command allowing remote attackers to execute code on systems running the utility.
Filetto 1.0 FTP server has a denial of service vulnerability in FEAT command processing causing uncontrolled resource consumption.
GoldWave 5.70 audio editor has a buffer overflow enabling code execution through crafted audio files.
StreamRipper32 2.6 has a buffer overflow in the Station/Song Section allowing remote code execution through crafted audio stream metadata.
Heap buffer overflow in Chrome's libvpx video codec allows remote attackers to achieve arbitrary code execution through a malicious webpage, requiring only user interaction to trigger exploitation. The vulnerability affects Chrome versions prior to 144.0.7559.132 and currently lacks a patch. With a CVSS score of 8.8, this high-severity flaw poses significant risk to users who visit compromised or attacker-controlled websites.
An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
Fast DDS (eProsima) has a heap buffer overflow in its C++ DDS implementation that allows remote attackers to execute code through crafted DDS protocol messages.
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). [CVSS 7.5 HIGH]
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). [CVSS 7.5 HIGH]
Arbitrary code execution in iccDEV versions prior to 2.3.1.2 via stack-based buffer overflow in the icFixXml() function when parsing malformed ICC color profiles with crafted NamedColor2 tags. Local attackers with user interaction can exploit this vulnerability to execute arbitrary code with high impact on confidentiality, integrity, and availability. Public exploit code exists and a patch is available in version 2.3.1.2 and later.
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). [CVSS 7.5 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of host entries. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
A950Rg Firmware versions up to 4.1.2cu.5204_b20210112 are affected by a classic buffer overflow (CVSS 6.5).
TOTOLINK A950RG has a third buffer overflow in setRadvdCfg providing yet another RCE vector through the router's IPv6 configuration interface.
TOTOLINK A950RG has a stack-based buffer overflow in a second endpoint, providing an additional RCE vector through the router's CGI interface.
TOTOLINK A950RG router firmware has a buffer overflow in setUrlFilterRules that allows remote attackers to execute code through the router's management interface.
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). [CVSS 7.5 HIGH]
ELECOM wireless LAN access point devices have a stack-based buffer overflow that allows remote attackers to execute code or crash the device via crafted packets.
Libsoup's multipart HTTP response parser contains a stack buffer overflow stemming from faulty length validation, enabling remote attackers to trigger memory corruption and potentially execute arbitrary code without authentication. Applications using libsoup to process untrusted server responses face crash or code execution risks. No patch is currently available.
OpenWRT and related SDKs are vulnerable to a heap buffer overflow in the WLAN component that allows adjacent network attackers to escalate privileges without user interaction or special permissions. The out-of-bounds write condition enables attackers on the same network segment to gain elevated system privileges. No patch is currently available for this vulnerability.
Buffer overflow in Quick Player 1.3 via crafted .m3l playlist file allows arbitrary code execution. PoC available.
Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Buffer overflow in 10-Strike Bandwidth Monitor 3.9 bypasses SafeSEH, ASLR, and DEP protections. PoC available.
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. [CVSS 8.4 HIGH]
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. [CVSS 8.4 HIGH]
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. [CVSS 8.4 HIGH]
Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. [CVSS 8.4 HIGH]
FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. [CVSS 8.4 HIGH]
Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Buffer overflow in NetPCLinker 1.0.0.0 DNS/IP field allows shell command execution. PoC available.
Buffer overflow in Totolink A3600R firmware version 5.9c.4959 allows authenticated remote attackers to execute arbitrary code through the setAppEasyWizardConfig function via a malformed apcliSsid parameter. Public exploit code exists for this vulnerability and no patch is currently available. Affected devices are at high risk given the lack of mitigation options and active exploitation potential.
A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem. [CVSS 6.5 MEDIUM]
Tenda AC21 firmware versions up to 16.03.08.16 contain a stack-based buffer overflow in the /goform/AdvSetMacMtuWan endpoint that can be exploited remotely by authenticated attackers to achieve arbitrary code execution. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score (8.8) reflects the severity of this flaw affecting device confidentiality, integrity, and availability.
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder.
Remote code execution in TP-Link VIGI C385 cameras results from improper input validation in the Web API that allows authenticated attackers to trigger buffer overflows and corrupt memory. An attacker with valid credentials can exploit this vulnerability to execute arbitrary code with elevated privileges on affected devices. No patch is currently available for this high-severity issue.
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Buffer overflow in BearShare Lite 5.2.5 Advanced Search keywords input allows code execution. PoC available.
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. [CVSS 8.4 HIGH]
Stack buffer overflow in Free MP3 CD Ripper 2.8 allows remote code execution via crafted WAV files. PoC available.
Stack-based buffer overflow in libfastcommon's base64_decode function allows local attackers with user-level privileges to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability affecting libfastcommon versions up to 1.0.84. A patch is available and should be applied immediately to mitigate the risk.
Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.8 MEDIUM]
Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]
Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 7.3 HIGH]
Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.9 MEDIUM]
Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 4.8 MEDIUM]
Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.0 MEDIUM]
Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 6.2 MEDIUM]
10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. [CVSS 8.4 HIGH]
Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. [CVSS 5.5 MEDIUM]
Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. [CVSS 8.4 HIGH]
Buffer overflow in 10-Strike Network Inventory Explorer 9.03 file import functionality allows attackers to execute arbitrary code via crafted import files. PoC available.
Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. [CVSS 6.2 MEDIUM]
Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. [CVSS 5.5 MEDIUM]
Buffer overflow in B64dec 1.1.2 base64 decoder allows attackers to execute arbitrary code by overwriting structured exception handler pointers. PoC available.
CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. [CVSS 5.5 MEDIUM]
Buffer overflow in Rubo DICOM Viewer 2.0 through the DICOM server name input field allows attackers to execute arbitrary code. PoC available.
Stack-based buffer overflow in Nsauditor Network Auditing Tool 3.0.28 and 3.2.1.0 in the DNS Lookup tool allows attackers to execute arbitrary code via crafted input. PoC available.
Out-of-bounds memory read in iccDEV versions prior to 2.3.1.3 allows local attackers to disclose sensitive memory contents or trigger application crashes by crafting malformed ICC color profiles that bypass array bounds validation. The vulnerability exists in IccCmm.cpp during profile index processing and has public exploit code available. Update to version 2.3.1.3 or later to remediate.
Heap buffer overflow in iccDEV versions prior to 2.3.1.3 allows local attackers to achieve code execution with high privileges by crafting malformed ICC color profile files that trigger unsafe memory operations during file parsing. Public exploit code exists for this vulnerability. All users of iccDEV should upgrade to version 2.3.1.3 or later immediately.
Heap buffer overflow in iccDEV versions prior to 2.3.1.3 allows local attackers with user interaction to read sensitive memory and potentially execute code by supplying malformed XML files to the iccFromXml tool during ICC profile conversion. Public exploit code exists for this vulnerability. A patch is available in version 2.3.1.3 and later.
jsonwebtoken prior to version 10.3.0 allows attackers to bypass JWT time-based validation checks through type confusion when standard claims like nbf or exp are provided with incorrect JSON types. The library incorrectly treats malformed claims as absent rather than invalid, enabling bypass of critical security restrictions if validation is enabled but the claim is not explicitly marked as required. Public exploit code exists for this vulnerability.
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. [CVSS 7.3 HIGH]
Autodesk 3ds Max is vulnerable to arbitrary code execution when processing maliciously crafted GIF files due to a stack-based buffer overflow (CVE-2026-0536, CVSS 7.8). Local attackers can exploit this vulnerability by tricking users into opening a malicious GIF file to execute code with the privileges of the 3ds Max process. No patch is currently available.
The Linux kernel bonding driver fails to validate device types before enabling 802.3AD mode, allowing local privileged attackers to trigger out-of-bounds memory reads via malformed hardware address operations. This vulnerability affects systems running vulnerable Linux kernel versions and could lead to denial of service or information disclosure. No patch is currently available for this high-severity vulnerability.
Local stack buffer overflow in the Linux kernel's AD3552R DAC driver allows a local authenticated attacker to write beyond allocated buffer boundaries through improper bounds checking in the ad3552r_hs_write_data_source function. An attacker with local access can trigger out-of-bounds writes on the stack, potentially leading to privilege escalation or denial of service. No patch is currently available for this vulnerability.
A buffer overflow in the Linux kernel's ALSA scarlett2 USB driver allows local attackers with user privileges to corrupt memory and potentially execute code by triggering improper endianness conversion during audio device configuration retrieval. The vulnerability stems from incorrect size validation that causes the function to access more bytes than allocated when processing multiple configuration elements. No patch is currently available for this vulnerability affecting Linux systems with Scarlett audio interfaces.
Out-of-bounds array access in the Linux kernel's ctxfi audio mixer driver allows local attackers with user privileges to read sensitive memory or cause denial of service through improper loop index initialization in the amixer_index() and sum_index() functions. The vulnerability stems from uninitialized conf field handling that enables array bounds bypass with no user interaction required. No patch is currently available for this high-severity issue affecting all Linux distributions.
The RSI911x WiFi driver in the Linux kernel fails to allocate sufficient memory for virtual interface driver data, causing out-of-bounds writes to the ieee80211_vif structure and memory corruption. A local attacker with low privileges can exploit this to corrupt kernel memory and potentially execute arbitrary code. No patch is currently available.
The Linux kernel's ARM IOMMU page table unmapping function returns a signedness-corrupted value when encountering unmapped memory, causing IOVA address overflow that triggers a kernel panic. Local attackers with sufficient privileges can exploit this to cause a denial of service by attempting to unmap invalid IOMMU pages. A patch is not yet available for this medium-severity vulnerability.
Arbitrary code execution in Autodesk 3ds Max via malicious GIF file parsing exploits a stack-based buffer overflow vulnerability, allowing local attackers to execute code with the privileges of the application. The vulnerability requires user interaction to open a crafted GIF file and currently has no available patch. This affects 3ds Max users who may unknowingly process untrusted image files.
Malicious USD files trigger an out-of-bounds write vulnerability in Autodesk Arnold and 3ds Max, enabling arbitrary code execution within the affected application when a user loads or imports the crafted file. Local attackers with user interaction can exploit this to gain full system compromise with the privileges of the running process. No patch is currently available.
Arbitrary code execution in Autodesk 3ds Max occurs when processing specially crafted GIF files due to an out-of-bounds write flaw. Attackers can exploit this vulnerability locally to execute malicious code with the privileges of the application user. No patch is currently available for affected systems.
In the Linux kernel, the following vulnerability has been resolved: w1: therm: Fix off-by-one buffer overflow in alarms_store The sysfs buffer passed to alarms_store() is allocated with 'size + 1' bytes and a NUL terminator is appended.
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc.
LanSend 3.2 has a buffer overflow in the Add Computers Wizard file import enabling code execution through crafted computer list files.
Remote Desktop Audit 2.3.0.157 has a buffer overflow enabling code execution through crafted RDP scan responses.
CloudMe 1.11.2 cloud sync application has a buffer overflow enabling remote code execution through the network sync protocol.
Konica Minolta FTP Utility 1.0 has a second buffer overflow in the NLST command, providing an additional RCE vector alongside the LIST vulnerability.
Konica Minolta FTP Utility 1.0 has a buffer overflow in the LIST command allowing remote attackers to execute code on systems running the utility.
Filetto 1.0 FTP server has a denial of service vulnerability in FEAT command processing causing uncontrolled resource consumption.
GoldWave 5.70 audio editor has a buffer overflow enabling code execution through crafted audio files.
StreamRipper32 2.6 has a buffer overflow in the Station/Song Section allowing remote code execution through crafted audio stream metadata.
Heap buffer overflow in Chrome's libvpx video codec allows remote attackers to achieve arbitrary code execution through a malicious webpage, requiring only user interaction to trigger exploitation. The vulnerability affects Chrome versions prior to 144.0.7559.132 and currently lacks a patch. With a CVSS score of 8.8, this high-severity flaw poses significant risk to users who visit compromised or attacker-controlled websites.
An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
Fast DDS (eProsima) has a heap buffer overflow in its C++ DDS implementation that allows remote attackers to execute code through crafted DDS protocol messages.
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). [CVSS 7.5 HIGH]
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). [CVSS 7.5 HIGH]
Arbitrary code execution in iccDEV versions prior to 2.3.1.2 via stack-based buffer overflow in the icFixXml() function when parsing malformed ICC color profiles with crafted NamedColor2 tags. Local attackers with user interaction can exploit this vulnerability to execute arbitrary code with high impact on confidentiality, integrity, and availability. Public exploit code exists and a patch is available in version 2.3.1.2 and later.
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). [CVSS 7.5 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of host entries. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
A950Rg Firmware versions up to 4.1.2cu.5204_b20210112 are affected by a classic buffer overflow (CVSS 6.5).
TOTOLINK A950RG has a third buffer overflow in setRadvdCfg providing yet another RCE vector through the router's IPv6 configuration interface.
TOTOLINK A950RG has a stack-based buffer overflow in a second endpoint, providing an additional RCE vector through the router's CGI interface.
TOTOLINK A950RG router firmware has a buffer overflow in setUrlFilterRules that allows remote attackers to execute code through the router's management interface.
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). [CVSS 7.5 HIGH]
ELECOM wireless LAN access point devices have a stack-based buffer overflow that allows remote attackers to execute code or crash the device via crafted packets.
Libsoup's multipart HTTP response parser contains a stack buffer overflow stemming from faulty length validation, enabling remote attackers to trigger memory corruption and potentially execute arbitrary code without authentication. Applications using libsoup to process untrusted server responses face crash or code execution risks. No patch is currently available.
OpenWRT and related SDKs are vulnerable to a heap buffer overflow in the WLAN component that allows adjacent network attackers to escalate privileges without user interaction or special permissions. The out-of-bounds write condition enables attackers on the same network segment to gain elevated system privileges. No patch is currently available for this vulnerability.
Buffer overflow in Quick Player 1.3 via crafted .m3l playlist file allows arbitrary code execution. PoC available.
Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Buffer overflow in 10-Strike Bandwidth Monitor 3.9 bypasses SafeSEH, ASLR, and DEP protections. PoC available.
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. [CVSS 8.4 HIGH]
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. [CVSS 8.4 HIGH]
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. [CVSS 8.4 HIGH]
Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. [CVSS 8.4 HIGH]
FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. [CVSS 8.4 HIGH]
Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Buffer overflow in NetPCLinker 1.0.0.0 DNS/IP field allows shell command execution. PoC available.
Buffer overflow in Totolink A3600R firmware version 5.9c.4959 allows authenticated remote attackers to execute arbitrary code through the setAppEasyWizardConfig function via a malformed apcliSsid parameter. Public exploit code exists for this vulnerability and no patch is currently available. Affected devices are at high risk given the lack of mitigation options and active exploitation potential.
A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem. [CVSS 6.5 MEDIUM]
Tenda AC21 firmware versions up to 16.03.08.16 contain a stack-based buffer overflow in the /goform/AdvSetMacMtuWan endpoint that can be exploited remotely by authenticated attackers to achieve arbitrary code execution. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score (8.8) reflects the severity of this flaw affecting device confidentiality, integrity, and availability.
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder.
Remote code execution in TP-Link VIGI C385 cameras results from improper input validation in the Web API that allows authenticated attackers to trigger buffer overflows and corrupt memory. An attacker with valid credentials can exploit this vulnerability to execute arbitrary code with elevated privileges on affected devices. No patch is currently available for this high-severity issue.
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. [CVSS 8.4 HIGH]
Buffer overflow in BearShare Lite 5.2.5 Advanced Search keywords input allows code execution. PoC available.
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. [CVSS 8.4 HIGH]
Stack buffer overflow in Free MP3 CD Ripper 2.8 allows remote code execution via crafted WAV files. PoC available.