Buffer Overflow
Monthly
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability [CVSS 7.8 HIGH]
Privilege escalation in Azure Linux Virtual Machines results from a heap-based buffer overflow that authenticated local users can exploit to gain elevated system access. An attacker with valid credentials can trigger memory corruption to bypass privilege restrictions and assume administrative control of the affected virtual machine. No patch is currently available, making this a critical risk for organizations running Azure Linux infrastructure.
vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 versions up to 1.0.1 is affected by classic buffer overflow (CVSS 8.8).
A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. [CVSS 8.1 HIGH]
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80, C80 Series C80, M700V Series M750VW, M720VW, 730VW, M720VS, M730VS, and M750VS, M70V Series M70V, E70 Series E70, and Software Tools NC Trainer2 and NC Trainer2 plus allows a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition by sending specially crafted packets to TCP port 683. [CVSS 5.9 MEDIUM]
Medium severity vulnerability in ImageMagick. A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur.
Medium severity vulnerability in ImageMagick. A crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur.
BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` operation an out of bounds read can occur. ``` ================================================================= ==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370 READ of size 4 at 0x50a0000079c0 thread T0 ```
Medium severity vulnerability in ImageMagick. A heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write.
High severity vulnerability in ImageMagick. MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack.
ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by buffer overflow (CVSS 5.7).
High severity vulnerability in ImageMagick. An integer overflow in DIB coder can result in out of bounds read or write
Heap over-read in ImageMagick's MAT decoder prior to versions 7.1.2-16 and 6.9.13-41 results from incorrect arithmetic parenthesization, allowing remote attackers to leak sensitive memory contents and cause denial of service through crafted MAT image files. The vulnerability requires no authentication or user interaction and affects systems using vulnerable ImageMagick versions for image processing. No patch is currently available, leaving users dependent on upgrading to patched versions when released.
Medium severity vulnerability in ImageMagick. A stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data.
Medium severity vulnerability in ImageMagick. A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation.
High severity vulnerability in ImageMagick. A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption.
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup. [CVSS 7.5 HIGH]
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534. [CVSS 7.5 HIGH]
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52. [CVSS 7.5 HIGH]
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. [CVSS 6.2 MEDIUM]
The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. [CVSS 7.5 HIGH]
Remote code execution in UTT HiPER 810G firmware through version 1.7.7-1711 via a buffer overflow in the /goform/formApMail handler allows authenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at elevated risk. The attack requires network access but no user interaction, making it a significant threat to organizations using this device.
Unauthenticated remote attackers can achieve complete system compromise (code execution, data theft, and denial of service) against UTT HiPER 810G firmware versions up to 1.7.7-1711 through a buffer overflow in the /goform/getOneApConfTempEntry endpoint. Public exploit code is available and actively being leveraged in attacks. No patch is currently available for affected devices.
Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows authenticated remote attackers to achieve complete system compromise through a malformed page parameter in the /goform/P2pListFilter endpoint. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk of code execution and data theft.
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise. [CVSS 8.8 HIGH]
Stack overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows authenticated attackers to achieve remote code execution through a malicious page parameter in the /goform/DhcpListClient endpoint. Public exploit code is available and the vulnerability remains unpatched, creating significant risk for deployed devices. This affects both the Tenda FH1202 router and Stack Overflow services with high severity impact on confidentiality, integrity, and availability.
Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote authenticated attackers to achieve complete system compromise through manipulation of the page parameter in the /goform/NatStaticSetting function. Public exploit code exists for this vulnerability and no patch is currently available. The flaw requires valid credentials but can be exploited over the network with no user interaction.
Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote authenticated attackers to achieve full system compromise through manipulation of the webSiteId parameter in the /goform/webtypelibrary function. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the potential for complete confidentiality, integrity, and availability impact.
Remote code execution in Atop Technologies EHG2408-series industrial Ethernet switches (including the EHG2408 and EHG2408-2SFP firmware) allows unauthenticated attackers to hijack the device's execution flow via a stack-based buffer overflow and run arbitrary code. The flaw was reported through Taiwan's CERT (TWCERT) and carries a CVSS 4.0 base score of 9.3, reflecting fully unauthenticated network exploitation with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and the EPSS score is low (0.14%, 34th percentile), suggesting exploitation has not yet been observed at scale.
Stack overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote attackers with low privileges to execute arbitrary code through crafted mit_ssid parameters sent to the AdvSetWrlsafeset function. Public exploit code exists for this vulnerability and no patch is currently available. The attack requires network access but no user interaction, making it readily exploitable in affected deployments.
Remote code execution in Tenda i3 1.0.0.6(2204) firmware allows unauthenticated attackers to achieve full system compromise through a stack-based buffer overflow in the WifiMacFilterSet function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring immediate mitigation through network segmentation or device isolation.
Remote code execution in Tenda i3 firmware versions up to 1.0.0.6(2204) via stack-based buffer overflow in the WiFi MAC filter function allows unauthenticated attackers to achieve full system compromise over the network. Public exploit code exists for this vulnerability and no patch is currently available. The flaw requires only low complexity to exploit and affects the confidentiality, integrity, and availability of affected devices.
Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) firmware allows authenticated remote attackers to achieve code execution by manipulating the cmdinput parameter in the /goform/exeCommand function. Public exploit code exists for this vulnerability and no patch is currently available, placing affected devices at immediate risk.
Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) firmware allows authenticated remote attackers to achieve complete system compromise through manipulation of ping parameters in the setAutoPing function. Public exploit code exists for this vulnerability and no patch is currently available, creating significant risk for affected deployments.
Stack overflow in Tenda i3 firmware version 1.0.0.6(2204) allows authenticated remote attackers to achieve full system compromise through a malformed funcpara1 parameter in the /goform/setcfm endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.
Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability. [CVSS 7.5 HIGH]
Stack-based buffer overflow in Delta Electronics COMMGR2 communication management software. ICS vulnerability enabling remote code execution on industrial communication gateways.
Stack-based buffer overflow in Tenda F453 firmware 1.0.0.3 allows remote attackers with valid credentials to achieve unauthenticated code execution through a malformed GO parameter in the WrlclientSet function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations using vulnerable F453 devices should implement network segmentation and access controls to mitigate exploitation risk.
Stack-based buffer overflow in Tenda F453 firmware version 1.0.0.3 allows authenticated remote attackers to achieve complete system compromise through a malformed GO parameter in the WrlExtraSet function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems face high risk of unauthorized code execution, data theft, and service disruption.
Stack-based buffer overflow in Tenda F453 firmware allows unauthenticated remote attackers to execute arbitrary code through the cmdinput parameter in the /goform/exeCommand function, with public exploit code already available. The vulnerability affects F453 firmware version 1.0.0.3 and has a CVSS score of 8.8, enabling complete compromise of affected devices without requiring user interaction. No patch is currently available.
Out-of-bounds read in libssh versions up to 0.11.3 allows remote attackers to cause denial of service by manipulating the idx argument in the SFTP extension name handler functions. The vulnerability resides in the sftp_extensions_get_name and sftp_extensions_get_data functions, enabling unauthenticated attackers to trigger memory access violations without user interaction. Upgrading to libssh 0.11.4 or 0.12.0 resolves this issue.
Remote code execution in Tenda F453 firmware versions 1.0.0.3 and 3.As via stack-based buffer overflow in the PPTP client configuration endpoint allows unauthenticated network attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected devices.
Stack-based buffer overflow in Tenda F453 firmware versions 1.0.0.3/1.1f allows authenticated remote attackers to execute arbitrary code through malformed funcname/funcpara1 parameters in the /goform/setcfm endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the complete compromise potential of affected devices.
Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated attackers to achieve remote code execution through improper input validation in the QuickIndex handler. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at significant risk of compromise.
Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve full system compromise through a malicious page parameter in the webExcptypemanFilter function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction, making it a significant risk for affected devices.
Remote code execution in Wavlink WL-WN579X3-C firmware through stack-based buffer overflow in the firewall.cgi module allows unauthenticated attackers to achieve complete system compromise via manipulation of the del_flag parameter. Public exploit code exists for this vulnerability, and no patch is currently available despite vendor notification. Affected users should immediately restrict network access to the affected device until a firmware update becomes available.
Heap buffer overflow in libpng's pnm2png utility (versions up to 1.6.55) allows local attackers to corrupt memory and potentially execute code by supplying malicious width or height parameters. The vulnerability requires local access and public exploit code is available. The maintainers have not yet provided a patch despite early notification.
Integer overflow in MrNanko webp4j versions up to 1.3.x within the GIF decoder's DecodeGifFromMemory function allows local attackers to trigger memory corruption through manipulation of the canvas_height parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should restrict local access to the application until an update is released.
Wavlink NU516U1 firmware 251208 has a buffer overflow enabling remote code execution through crafted HTTP requests to the CGI interface.
Remote code execution in H3C Magic B1 firmware through a buffer overflow in the SSID configuration function allows unauthenticated attackers to gain complete system compromise over the network. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification. The flaw affects firmware versions up to 100R004 and requires only low complexity to exploit with valid credentials.
Remote code execution in UTT HiPER 810G firmware up to version 1.7.7-171114 through a stack buffer overflow in the DNS filter configuration function allows authenticated attackers to execute arbitrary commands with full system privileges. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring organizations to implement network-level mitigations or device replacement until a fix is released.
Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 stems from an unsafe strcpy operation in the /goform/formRemoteControl function that enables unauthenticated attackers to trigger a buffer overflow. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.
A buffer overflow in the NTP configuration handler of UTT HiPER 810G firmware versions up to 1.7.7-171114 enables authenticated remote attackers to achieve complete system compromise through memory corruption. Public exploit code exists for this vulnerability, and no patch is currently available. Affected devices face immediate risk of remote code execution with high privileges from any authenticated user.
Stack Overflow's Language Package Configuration Handler contains a stack-based buffer overflow in the httpd component that can be triggered by manipulating the Language parameter, allowing authenticated remote attackers to achieve code execution. The vulnerability affects Planet ICG-2510 1.0_20250811 and currently lacks an available patch. An attacker with valid credentials can exploit this remotely without user interaction to potentially compromise the affected system.
Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows. Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. [CVSS 7.5 HIGH]
Perl Crypt::NaCl::Sodium module through 2.002 has potential integer overflows in cryptographic operations that could weaken security guarantees.
Remote code execution in Tenda FH451 firmware via stack-based buffer overflow in the QuickIndex function allows unauthenticated attackers to execute arbitrary code by sending crafted requests with oversized PPPOEPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and affects firmware version 1.0.0.9 and potentially other versions.
Remote code execution in Tenda FH451 firmware via stack-based buffer overflow in the WAN configuration endpoint allows unauthenticated attackers to achieve full system compromise through malicious wanmode or PPPOEPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available. Stack Overflow products are also reported as affected.
Stack overflow in Tenda FH451 firmware's setcfm function allows authenticated remote attackers to achieve complete system compromise through malicious funcname or funcpara1 parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 1.0.0.9 and enables remote code execution with high impact to confidentiality, integrity, and availability.
A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cpp of the component Encrypted XLSX File Parser. [CVSS 3.3 LOW]
A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. [CVSS 3.3 LOW]
eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that triggers a buffer overflow condition when processed by the application. [CVSS 6.2 MEDIUM]
PJSIP versions prior to 2.17 are vulnerable to a stack buffer overflow in the RTP payload parsing mechanism when processing more frames than allocated buffers can accommodate, enabling remote denial of service attacks over the network without authentication. An attacker can trigger a crash by sending specially crafted RTP packets containing excessive frame data, causing the application to become unavailable.
Stack-based buffer overflow in Wavlink WL-NU516U1 firmware's login.cgi allows remote attackers with high privileges to achieve complete system compromise through a malformed ipaddr parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables unauthenticated remote code execution with full read, write, and execution capabilities on affected devices.
A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. [CVSS 3.3 LOW]
A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. [CVSS 7.8 HIGH]
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule. Part of a family of 15+ critical buffer overflows in this router.
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]
Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]
Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 4.0 MEDIUM]
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. [CVSS 5.3 MEDIUM]
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWWConfig. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. Part of a family of 15+ critical buffer overflows in this router.
D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. [CVSS 9.8 CRITICAL]
Google Chrome versions before 145.0.7632.159 contain a heap buffer overflow in the WebCodecs component that enables remote attackers to write data outside allocated memory bounds through malicious HTML pages. An unauthenticated attacker can exploit this vulnerability with minimal user interaction to achieve arbitrary code execution on affected systems. A patch is available in Chrome 145.0.7632.159 and later.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formDeviceReboot. Part of a family of 15+ critical buffer overflows in this router.
OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software is affected by buffer overflow (CVSS 6.8).
Memory corruption in Cisco Secure Firewall ASA and FTD OSPF packet processing allows adjacent, unauthenticated attackers to crash affected devices by sending crafted protocol packets. The vulnerability results in device reboot and denial of service, with no authentication or user interaction required. No patch is currently available.
Insufficient input validation in Cisco Secure Firewall ASA and Secure FTD OSPF implementations allows adjacent attackers to trigger denial of service by sending malformed OSPF update packets that cause device reloads. Authentication bypass is possible if OSPF authentication is disabled, though knowing the secret key is required when authentication is enabled. No patch is currently available for this medium-severity vulnerability.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. Part of a family of 15+ critical buffer overflows in this router.
Cisco Secure Firewall ASA and FTD devices are vulnerable to a denial of service attack through the Remote Access SSL VPN feature, where authenticated attackers can trigger unvalidated input processing in the Lua interpreter to force device reloads. The vulnerability stems from insufficient input validation in the Lua interpreter and can be exploited by sending specially crafted HTTP packets over an existing VPN connection. No patch is currently available for this HIGH severity issue (CVSS 7.7).
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvFirewall. Part of a family of 15+ critical buffer overflows in this router.
Local privilege escalation in Linux kernel f2fs sysfs attributes allows unprivileged users to trigger out-of-bounds memory access and cause denial of service by writing oversized integer values to filesystem control interfaces. The vulnerability stems from improper bounds checking when mapping sysfs attributes to kernel structures of varying integer sizes, enabling attackers to corrupt kernel memory and crash the system. No patch is currently available for this vulnerability.
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability [CVSS 7.8 HIGH]
Privilege escalation in Azure Linux Virtual Machines results from a heap-based buffer overflow that authenticated local users can exploit to gain elevated system access. An attacker with valid credentials can trigger memory corruption to bypass privilege restrictions and assume administrative control of the affected virtual machine. No patch is currently available, making this a critical risk for organizations running Azure Linux infrastructure.
vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 versions up to 1.0.1 is affected by classic buffer overflow (CVSS 8.8).
A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. [CVSS 8.1 HIGH]
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80, C80 Series C80, M700V Series M750VW, M720VW, 730VW, M720VS, M730VS, and M750VS, M70V Series M70V, E70 Series E70, and Software Tools NC Trainer2 and NC Trainer2 plus allows a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition by sending specially crafted packets to TCP port 683. [CVSS 5.9 MEDIUM]
Medium severity vulnerability in ImageMagick. A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur.
Medium severity vulnerability in ImageMagick. A crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur.
BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` operation an out of bounds read can occur. ``` ================================================================= ==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370 READ of size 4 at 0x50a0000079c0 thread T0 ```
Medium severity vulnerability in ImageMagick. A heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write.
High severity vulnerability in ImageMagick. MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack.
ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by buffer overflow (CVSS 5.7).
High severity vulnerability in ImageMagick. An integer overflow in DIB coder can result in out of bounds read or write
Heap over-read in ImageMagick's MAT decoder prior to versions 7.1.2-16 and 6.9.13-41 results from incorrect arithmetic parenthesization, allowing remote attackers to leak sensitive memory contents and cause denial of service through crafted MAT image files. The vulnerability requires no authentication or user interaction and affects systems using vulnerable ImageMagick versions for image processing. No patch is currently available, leaving users dependent on upgrading to patched versions when released.
Medium severity vulnerability in ImageMagick. A stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data.
Medium severity vulnerability in ImageMagick. A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation.
High severity vulnerability in ImageMagick. A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption.
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup. [CVSS 7.5 HIGH]
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534. [CVSS 7.5 HIGH]
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52. [CVSS 7.5 HIGH]
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. [CVSS 6.2 MEDIUM]
The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. [CVSS 7.5 HIGH]
Remote code execution in UTT HiPER 810G firmware through version 1.7.7-1711 via a buffer overflow in the /goform/formApMail handler allows authenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at elevated risk. The attack requires network access but no user interaction, making it a significant threat to organizations using this device.
Unauthenticated remote attackers can achieve complete system compromise (code execution, data theft, and denial of service) against UTT HiPER 810G firmware versions up to 1.7.7-1711 through a buffer overflow in the /goform/getOneApConfTempEntry endpoint. Public exploit code is available and actively being leveraged in attacks. No patch is currently available for affected devices.
Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows authenticated remote attackers to achieve complete system compromise through a malformed page parameter in the /goform/P2pListFilter endpoint. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk of code execution and data theft.
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise. [CVSS 8.8 HIGH]
Stack overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows authenticated attackers to achieve remote code execution through a malicious page parameter in the /goform/DhcpListClient endpoint. Public exploit code is available and the vulnerability remains unpatched, creating significant risk for deployed devices. This affects both the Tenda FH1202 router and Stack Overflow services with high severity impact on confidentiality, integrity, and availability.
Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote authenticated attackers to achieve complete system compromise through manipulation of the page parameter in the /goform/NatStaticSetting function. Public exploit code exists for this vulnerability and no patch is currently available. The flaw requires valid credentials but can be exploited over the network with no user interaction.
Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote authenticated attackers to achieve full system compromise through manipulation of the webSiteId parameter in the /goform/webtypelibrary function. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the potential for complete confidentiality, integrity, and availability impact.
Remote code execution in Atop Technologies EHG2408-series industrial Ethernet switches (including the EHG2408 and EHG2408-2SFP firmware) allows unauthenticated attackers to hijack the device's execution flow via a stack-based buffer overflow and run arbitrary code. The flaw was reported through Taiwan's CERT (TWCERT) and carries a CVSS 4.0 base score of 9.3, reflecting fully unauthenticated network exploitation with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and the EPSS score is low (0.14%, 34th percentile), suggesting exploitation has not yet been observed at scale.
Stack overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote attackers with low privileges to execute arbitrary code through crafted mit_ssid parameters sent to the AdvSetWrlsafeset function. Public exploit code exists for this vulnerability and no patch is currently available. The attack requires network access but no user interaction, making it readily exploitable in affected deployments.
Remote code execution in Tenda i3 1.0.0.6(2204) firmware allows unauthenticated attackers to achieve full system compromise through a stack-based buffer overflow in the WifiMacFilterSet function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring immediate mitigation through network segmentation or device isolation.
Remote code execution in Tenda i3 firmware versions up to 1.0.0.6(2204) via stack-based buffer overflow in the WiFi MAC filter function allows unauthenticated attackers to achieve full system compromise over the network. Public exploit code exists for this vulnerability and no patch is currently available. The flaw requires only low complexity to exploit and affects the confidentiality, integrity, and availability of affected devices.
Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) firmware allows authenticated remote attackers to achieve code execution by manipulating the cmdinput parameter in the /goform/exeCommand function. Public exploit code exists for this vulnerability and no patch is currently available, placing affected devices at immediate risk.
Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) firmware allows authenticated remote attackers to achieve complete system compromise through manipulation of ping parameters in the setAutoPing function. Public exploit code exists for this vulnerability and no patch is currently available, creating significant risk for affected deployments.
Stack overflow in Tenda i3 firmware version 1.0.0.6(2204) allows authenticated remote attackers to achieve full system compromise through a malformed funcpara1 parameter in the /goform/setcfm endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.
Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability. [CVSS 7.5 HIGH]
Stack-based buffer overflow in Delta Electronics COMMGR2 communication management software. ICS vulnerability enabling remote code execution on industrial communication gateways.
Stack-based buffer overflow in Tenda F453 firmware 1.0.0.3 allows remote attackers with valid credentials to achieve unauthenticated code execution through a malformed GO parameter in the WrlclientSet function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations using vulnerable F453 devices should implement network segmentation and access controls to mitigate exploitation risk.
Stack-based buffer overflow in Tenda F453 firmware version 1.0.0.3 allows authenticated remote attackers to achieve complete system compromise through a malformed GO parameter in the WrlExtraSet function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems face high risk of unauthorized code execution, data theft, and service disruption.
Stack-based buffer overflow in Tenda F453 firmware allows unauthenticated remote attackers to execute arbitrary code through the cmdinput parameter in the /goform/exeCommand function, with public exploit code already available. The vulnerability affects F453 firmware version 1.0.0.3 and has a CVSS score of 8.8, enabling complete compromise of affected devices without requiring user interaction. No patch is currently available.
Out-of-bounds read in libssh versions up to 0.11.3 allows remote attackers to cause denial of service by manipulating the idx argument in the SFTP extension name handler functions. The vulnerability resides in the sftp_extensions_get_name and sftp_extensions_get_data functions, enabling unauthenticated attackers to trigger memory access violations without user interaction. Upgrading to libssh 0.11.4 or 0.12.0 resolves this issue.
Remote code execution in Tenda F453 firmware versions 1.0.0.3 and 3.As via stack-based buffer overflow in the PPTP client configuration endpoint allows unauthenticated network attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected devices.
Stack-based buffer overflow in Tenda F453 firmware versions 1.0.0.3/1.1f allows authenticated remote attackers to execute arbitrary code through malformed funcname/funcpara1 parameters in the /goform/setcfm endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the complete compromise potential of affected devices.
Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated attackers to achieve remote code execution through improper input validation in the QuickIndex handler. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at significant risk of compromise.
Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve full system compromise through a malicious page parameter in the webExcptypemanFilter function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction, making it a significant risk for affected devices.
Remote code execution in Wavlink WL-WN579X3-C firmware through stack-based buffer overflow in the firewall.cgi module allows unauthenticated attackers to achieve complete system compromise via manipulation of the del_flag parameter. Public exploit code exists for this vulnerability, and no patch is currently available despite vendor notification. Affected users should immediately restrict network access to the affected device until a firmware update becomes available.
Heap buffer overflow in libpng's pnm2png utility (versions up to 1.6.55) allows local attackers to corrupt memory and potentially execute code by supplying malicious width or height parameters. The vulnerability requires local access and public exploit code is available. The maintainers have not yet provided a patch despite early notification.
Integer overflow in MrNanko webp4j versions up to 1.3.x within the GIF decoder's DecodeGifFromMemory function allows local attackers to trigger memory corruption through manipulation of the canvas_height parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should restrict local access to the application until an update is released.
Wavlink NU516U1 firmware 251208 has a buffer overflow enabling remote code execution through crafted HTTP requests to the CGI interface.
Remote code execution in H3C Magic B1 firmware through a buffer overflow in the SSID configuration function allows unauthenticated attackers to gain complete system compromise over the network. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification. The flaw affects firmware versions up to 100R004 and requires only low complexity to exploit with valid credentials.
Remote code execution in UTT HiPER 810G firmware up to version 1.7.7-171114 through a stack buffer overflow in the DNS filter configuration function allows authenticated attackers to execute arbitrary commands with full system privileges. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring organizations to implement network-level mitigations or device replacement until a fix is released.
Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 stems from an unsafe strcpy operation in the /goform/formRemoteControl function that enables unauthenticated attackers to trigger a buffer overflow. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.
A buffer overflow in the NTP configuration handler of UTT HiPER 810G firmware versions up to 1.7.7-171114 enables authenticated remote attackers to achieve complete system compromise through memory corruption. Public exploit code exists for this vulnerability, and no patch is currently available. Affected devices face immediate risk of remote code execution with high privileges from any authenticated user.
Stack Overflow's Language Package Configuration Handler contains a stack-based buffer overflow in the httpd component that can be triggered by manipulating the Language parameter, allowing authenticated remote attackers to achieve code execution. The vulnerability affects Planet ICG-2510 1.0_20250811 and currently lacks an available patch. An attacker with valid credentials can exploit this remotely without user interaction to potentially compromise the affected system.
Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows. Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. [CVSS 7.5 HIGH]
Perl Crypt::NaCl::Sodium module through 2.002 has potential integer overflows in cryptographic operations that could weaken security guarantees.
Remote code execution in Tenda FH451 firmware via stack-based buffer overflow in the QuickIndex function allows unauthenticated attackers to execute arbitrary code by sending crafted requests with oversized PPPOEPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and affects firmware version 1.0.0.9 and potentially other versions.
Remote code execution in Tenda FH451 firmware via stack-based buffer overflow in the WAN configuration endpoint allows unauthenticated attackers to achieve full system compromise through malicious wanmode or PPPOEPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available. Stack Overflow products are also reported as affected.
Stack overflow in Tenda FH451 firmware's setcfm function allows authenticated remote attackers to achieve complete system compromise through malicious funcname or funcpara1 parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 1.0.0.9 and enables remote code execution with high impact to confidentiality, integrity, and availability.
A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cpp of the component Encrypted XLSX File Parser. [CVSS 3.3 LOW]
A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. [CVSS 3.3 LOW]
eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that triggers a buffer overflow condition when processed by the application. [CVSS 6.2 MEDIUM]
PJSIP versions prior to 2.17 are vulnerable to a stack buffer overflow in the RTP payload parsing mechanism when processing more frames than allocated buffers can accommodate, enabling remote denial of service attacks over the network without authentication. An attacker can trigger a crash by sending specially crafted RTP packets containing excessive frame data, causing the application to become unavailable.
Stack-based buffer overflow in Wavlink WL-NU516U1 firmware's login.cgi allows remote attackers with high privileges to achieve complete system compromise through a malformed ipaddr parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables unauthenticated remote code execution with full read, write, and execution capabilities on affected devices.
A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. [CVSS 3.3 LOW]
A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. [CVSS 7.8 HIGH]
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule. Part of a family of 15+ critical buffer overflows in this router.
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]
Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]
Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 4.0 MEDIUM]
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. [CVSS 5.3 MEDIUM]
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWWConfig. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. Part of a family of 15+ critical buffer overflows in this router.
D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. [CVSS 9.8 CRITICAL]
Google Chrome versions before 145.0.7632.159 contain a heap buffer overflow in the WebCodecs component that enables remote attackers to write data outside allocated memory bounds through malicious HTML pages. An unauthenticated attacker can exploit this vulnerability with minimal user interaction to achieve arbitrary code execution on affected systems. A patch is available in Chrome 145.0.7632.159 and later.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formDeviceReboot. Part of a family of 15+ critical buffer overflows in this router.
OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software is affected by buffer overflow (CVSS 6.8).
Memory corruption in Cisco Secure Firewall ASA and FTD OSPF packet processing allows adjacent, unauthenticated attackers to crash affected devices by sending crafted protocol packets. The vulnerability results in device reboot and denial of service, with no authentication or user interaction required. No patch is currently available.
Insufficient input validation in Cisco Secure Firewall ASA and Secure FTD OSPF implementations allows adjacent attackers to trigger denial of service by sending malformed OSPF update packets that cause device reloads. Authentication bypass is possible if OSPF authentication is disabled, though knowing the secret key is required when authentication is enabled. No patch is currently available for this medium-severity vulnerability.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. Part of a family of 15+ critical buffer overflows in this router.
Cisco Secure Firewall ASA and FTD devices are vulnerable to a denial of service attack through the Remote Access SSL VPN feature, where authenticated attackers can trigger unvalidated input processing in the Lua interpreter to force device reloads. The vulnerability stems from insufficient input validation in the Lua interpreter and can be exploited by sending specially crafted HTTP packets over an existing VPN connection. No patch is currently available for this HIGH severity issue (CVSS 7.7).
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. Part of a family of 15+ critical buffer overflows in this router.
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvFirewall. Part of a family of 15+ critical buffer overflows in this router.
Local privilege escalation in Linux kernel f2fs sysfs attributes allows unprivileged users to trigger out-of-bounds memory access and cause denial of service by writing oversized integer values to filesystem control interfaces. The vulnerability stems from improper bounds checking when mapping sysfs attributes to kernel structures of varying integer sizes, enabling attackers to corrupt kernel memory and crash the system. No patch is currently available for this vulnerability.