Buffer Overflow
Monthly
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption can occur when process-specific maps are added to the global list. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption occurs when invoking any IOCTL-calling application that executes all MCDM driver IOCTL calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption when IOCTL call is invoked from user-space to read board data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
information disclosure while invoking the mailbox read API. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.
Memory corruption while processing frame command IOCTL calls. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while invoking IOCTL calls to unmap the DMA buffers. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing IPA statistics, when there are no active clients registered. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
In Modem, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 39.2% and no vendor patch available.
In Modem, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In wlan STA FW, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan STA driver, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In m4u, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.
In cc_SendCcImsInfoIndMsg of cc_MmConManagement.c, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of bounds write due to a buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of bounds read due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In construct_transaction_from_cmd of lwis_ioctl.c, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In DevmemValidateFlags of devicemem_server.c , there is a possible out of bounds write due to memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An out-of-bounds read vulnerability exists in GStreamer's WAV file parser that allows remote attackers to read 4 bytes of memory beyond buffer boundaries when processing specially crafted WAV files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can lead to information disclosure or application crashes when parsing malicious media files. While no active exploitation has been reported and the vulnerability is not listed in CISA's KEV catalog, the network-based attack vector and lack of authentication requirements make this a significant security concern for applications using GStreamer for media processing.
A critical out-of-bounds read vulnerability exists in GStreamer's AVI subtitle parsing functionality, allowing remote attackers to read sensitive memory contents and potentially crash applications. The vulnerability affects GStreamer versions prior to 1.24.10 and can be triggered when processing maliciously crafted AVI files with subtitle chunks. With a CVSS score of 9.1 and requiring no authentication or user interaction for exploitation, this represents a severe risk for applications using GStreamer for media processing.
A stack-based buffer overflow vulnerability exists in GStreamer's Opus audio decoder that allows remote attackers to execute arbitrary code by overwriting the instruction pointer (EIP) on the stack. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered when processing specially crafted Opus audio streams with more than 64 channels. While not currently listed in CISA KEV and with no public exploit code identified, the vulnerability has a critical CVSS score of 9.8 due to its remote exploitability without authentication.
A buffer overflow vulnerability in GStreamer's media discovery component allows remote attackers to read sensitive stack memory and potentially crash applications. The flaw occurs when processing media files with more than 64 audio channels, causing the format_channel_mask function to read beyond array bounds. With a CVSS score of 9.1 and network-based attack vector requiring no authentication, this represents a critical risk for applications using GStreamer for media processing, though no active exploitation or public proof-of-concept has been reported.
An out-of-bounds read vulnerability exists in GStreamer's MP4 demuxer that allows remote attackers to read up to 8 bytes beyond allocated memory boundaries when processing malformed MP4 files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication by serving a malicious MP4 file, potentially exposing sensitive memory contents or causing application crashes. A proof-of-concept file (GHSL-2024-245_crash1.mp4) has been publicly disclosed, and while not currently in CISA's KEV catalog, the vulnerability has a critical CVSS score of 9.1.
An integer underflow vulnerability in GStreamer's qtdemux component allows remote attackers to trigger out-of-bounds memory reads, potentially causing application crashes or denial of service. The flaw occurs when processing malformed media files with specific atom structures, affecting all GStreamer versions prior to 1.24.10. With an EPSS score of 0.11% and no known active exploitation, this represents a moderate risk primarily for applications processing untrusted media content.
An integer underflow vulnerability in GStreamer's QuickTime demuxer (qtdemux) allows remote attackers to trigger an out-of-bounds memory read, potentially causing application crashes or denial of service. The vulnerability affects GStreamer versions prior to 1.24.10 and occurs when parsing malformed QuickTime/MP4 files where a size calculation can result in negative values, leading to large memory copy operations. With an EPSS score of 0.13% and no known active exploitation or public POC, this represents a moderate risk primarily to applications processing untrusted media files.
An out-of-bounds read vulnerability exists in GStreamer's QuickTime demuxer (qtdemux.c) that allows attackers to read up to 4GB of process memory or trigger a denial of service via crafted media files. GStreamer versions prior to 1.24.10 are affected. With an EPSS score of only 0.08% (24th percentile), active exploitation appears unlikely despite the network-accessible attack vector and lack of required privileges.
An out-of-bounds write vulnerability in GStreamer's isomp4/qtdemux.c allows remote attackers to overwrite up to 3 bytes beyond allocated memory boundaries when processing media files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be exploited without authentication over the network, potentially leading to remote code execution. While no active exploitation has been reported (not in KEV), the vulnerability has a critical CVSS score of 9.8 and patches are available.
A stack buffer overflow vulnerability exists in GStreamer's Vorbis audio decoder that allows remote attackers to execute arbitrary code without authentication. The flaw occurs when processing malicious Vorbis audio files with more than 64 channels, leading to stack memory corruption and potential control over the instruction pointer (EIP). While not currently in CISA's Known Exploited Vulnerabilities catalog, the vulnerability has a critical CVSS score of 9.8 and patches are available.
An integer overflow vulnerability in GStreamer's QuickTime demuxer leads to out-of-bounds memory writes when processing malicious media files with crafted sample count values. The vulnerability affects all GStreamer versions prior to 1.24.10 and allows remote attackers to achieve arbitrary code execution without authentication by serving specially crafted media files. With a critical CVSS score of 9.8 and network-based attack vector, this presents a severe risk for applications using GStreamer for media processing.
Memory corruption while taking snapshot when an offset variable is set by camera driver. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures To have enough space to write all possible sprintf() args. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In the Linux kernel, the following vulnerability has been resolved: cdrom: rearrange last_media_change check to avoid unintentional overflow When running syzkaller with the newly reintroduced signed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
A stack-based buffer overflow vulnerability exists in GStreamer's AV1 video parsing functionality that allows remote attackers to execute arbitrary code when processing specially crafted AV1-encoded video files. The vulnerability affects all versions of GStreamer prior to the patched release and requires user interaction to exploit, such as opening a malicious video file. With a CVSS score of 8.8 and patches available since the disclosure, this represents a high-severity issue for applications using GStreamer for video processing.
A stack-based buffer overflow vulnerability exists in GStreamer's AV1 video parsing functionality that allows remote attackers to execute arbitrary code when processing specially crafted AV1 video files. The vulnerability affects all versions of GStreamer prior to the patched release and requires user interaction to exploit, though attack vectors may vary depending on implementation. With an EPSS score of 9.18% (93rd percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild, though it is not currently listed in CISA's KEV catalog.
A heap-based buffer overflow vulnerability exists in GStreamer's AV1 codec parsing functionality that allows remote attackers to execute arbitrary code. The vulnerability affects all versions of GStreamer prior to the patched release and requires user interaction to exploit, such as opening a malicious AV1 video file. With a CVSS score of 8.8 and patches available since the disclosure, this represents a high-risk vulnerability for applications using GStreamer for media processing.
A stack-based buffer overflow vulnerability in GStreamer's H265 video parsing functionality allows remote attackers to execute arbitrary code when processing maliciously crafted H265 encoded video files. The vulnerability affects all GStreamer installations and requires user interaction (such as opening a malicious video file) but can lead to full system compromise in the context of the running application. With an EPSS score of 6.22% (91st percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild, and patches are available from the vendor.
A heap-based buffer overflow vulnerability in GStreamer's SRT subtitle file parsing functionality allows remote attackers to execute arbitrary code when processing maliciously crafted SRT files. The vulnerability affects all versions of GStreamer and requires user interaction (such as opening a malicious subtitle file), making it particularly dangerous for media players and applications that use GStreamer for subtitle processing. With an EPSS score of 4.74% (89th percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild.
A heap-based buffer overflow vulnerability in GStreamer's PGS (Presentation Graphic Stream) subtitle file parser allows remote attackers to execute arbitrary code when processing malicious subtitle files. The vulnerability affects all GStreamer installations and requires user interaction to exploit, typically by opening a media file with crafted PGS subtitles. With an EPSS score of 7.71% (92nd percentile), this vulnerability represents a significant exploitation risk in the wild.
Heap-buffer overflow in libtiff's TIFFReadRGBATileExt() API allows remote unauthenticated attackers to trigger denial of service via crafted TIFF files. The vulnerability (CWE-122) has a CVSS 7.5 HIGH rating with network attack vector and low complexity, though EPSS score of 0.72% (72nd percentile) suggests moderate real-world exploitation likelihood. Vendor patches are available through Red Hat advisories and upstream GitLab merge request #546. The flaw affects libtiff library across multiple Red Hat Enterprise Linux 8.x and 9.x deployments, requiring applications that process untrusted TIFF images through this specific API function.
A heap overflow vulnerability exists in X.Org Server and Xwayland where improper memory allocation for logical button mappings allows remote attackers to execute arbitrary code with high privileges. The flaw affects multiple Linux distributions including RHEL 7, Fedora 39, and Debian 10, with a critical CVSS score of 9.8 and an EPSS score of 3.26% (87th percentile), indicating moderate real-world exploitation likelihood. Multiple security advisories have been issued by Red Hat with patches available, though no evidence of active exploitation (not in KEV) or public proof-of-concept exists.
Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.0%.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required.
A denial service vulnerability has been found on Hex Workshop affecting version 6.7, an attacker could send a command line file arguments and control the Structured Exception Handler (SEH) records. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Microsoft Message Queuing Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Windows Cryptographic Services Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Epss exploitation probability 49.4%.
Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
Windows Themes Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Microsoft AllJoyn API Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A security vulnerability exists in FBX that could lead to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Microsoft Message Queuing Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Microsoft Common Log File System Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.
handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption can occur when process-specific maps are added to the global list. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption occurs when invoking any IOCTL-calling application that executes all MCDM driver IOCTL calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption when IOCTL call is invoked from user-space to read board data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
information disclosure while invoking the mailbox read API. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.
Memory corruption while processing frame command IOCTL calls. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while invoking IOCTL calls to unmap the DMA buffers. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing IPA statistics, when there are no active clients registered. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
In Modem, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 39.2% and no vendor patch available.
In Modem, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In wlan STA FW, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan STA driver, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In m4u, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.
In cc_SendCcImsInfoIndMsg of cc_MmConManagement.c, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of bounds write due to a buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of bounds read due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In construct_transaction_from_cmd of lwis_ioctl.c, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In DevmemValidateFlags of devicemem_server.c , there is a possible out of bounds write due to memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An out-of-bounds read vulnerability exists in GStreamer's WAV file parser that allows remote attackers to read 4 bytes of memory beyond buffer boundaries when processing specially crafted WAV files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can lead to information disclosure or application crashes when parsing malicious media files. While no active exploitation has been reported and the vulnerability is not listed in CISA's KEV catalog, the network-based attack vector and lack of authentication requirements make this a significant security concern for applications using GStreamer for media processing.
A critical out-of-bounds read vulnerability exists in GStreamer's AVI subtitle parsing functionality, allowing remote attackers to read sensitive memory contents and potentially crash applications. The vulnerability affects GStreamer versions prior to 1.24.10 and can be triggered when processing maliciously crafted AVI files with subtitle chunks. With a CVSS score of 9.1 and requiring no authentication or user interaction for exploitation, this represents a severe risk for applications using GStreamer for media processing.
A stack-based buffer overflow vulnerability exists in GStreamer's Opus audio decoder that allows remote attackers to execute arbitrary code by overwriting the instruction pointer (EIP) on the stack. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered when processing specially crafted Opus audio streams with more than 64 channels. While not currently listed in CISA KEV and with no public exploit code identified, the vulnerability has a critical CVSS score of 9.8 due to its remote exploitability without authentication.
A buffer overflow vulnerability in GStreamer's media discovery component allows remote attackers to read sensitive stack memory and potentially crash applications. The flaw occurs when processing media files with more than 64 audio channels, causing the format_channel_mask function to read beyond array bounds. With a CVSS score of 9.1 and network-based attack vector requiring no authentication, this represents a critical risk for applications using GStreamer for media processing, though no active exploitation or public proof-of-concept has been reported.
An out-of-bounds read vulnerability exists in GStreamer's MP4 demuxer that allows remote attackers to read up to 8 bytes beyond allocated memory boundaries when processing malformed MP4 files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication by serving a malicious MP4 file, potentially exposing sensitive memory contents or causing application crashes. A proof-of-concept file (GHSL-2024-245_crash1.mp4) has been publicly disclosed, and while not currently in CISA's KEV catalog, the vulnerability has a critical CVSS score of 9.1.
An integer underflow vulnerability in GStreamer's qtdemux component allows remote attackers to trigger out-of-bounds memory reads, potentially causing application crashes or denial of service. The flaw occurs when processing malformed media files with specific atom structures, affecting all GStreamer versions prior to 1.24.10. With an EPSS score of 0.11% and no known active exploitation, this represents a moderate risk primarily for applications processing untrusted media content.
An integer underflow vulnerability in GStreamer's QuickTime demuxer (qtdemux) allows remote attackers to trigger an out-of-bounds memory read, potentially causing application crashes or denial of service. The vulnerability affects GStreamer versions prior to 1.24.10 and occurs when parsing malformed QuickTime/MP4 files where a size calculation can result in negative values, leading to large memory copy operations. With an EPSS score of 0.13% and no known active exploitation or public POC, this represents a moderate risk primarily to applications processing untrusted media files.
An out-of-bounds read vulnerability exists in GStreamer's QuickTime demuxer (qtdemux.c) that allows attackers to read up to 4GB of process memory or trigger a denial of service via crafted media files. GStreamer versions prior to 1.24.10 are affected. With an EPSS score of only 0.08% (24th percentile), active exploitation appears unlikely despite the network-accessible attack vector and lack of required privileges.
An out-of-bounds write vulnerability in GStreamer's isomp4/qtdemux.c allows remote attackers to overwrite up to 3 bytes beyond allocated memory boundaries when processing media files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be exploited without authentication over the network, potentially leading to remote code execution. While no active exploitation has been reported (not in KEV), the vulnerability has a critical CVSS score of 9.8 and patches are available.
A stack buffer overflow vulnerability exists in GStreamer's Vorbis audio decoder that allows remote attackers to execute arbitrary code without authentication. The flaw occurs when processing malicious Vorbis audio files with more than 64 channels, leading to stack memory corruption and potential control over the instruction pointer (EIP). While not currently in CISA's Known Exploited Vulnerabilities catalog, the vulnerability has a critical CVSS score of 9.8 and patches are available.
An integer overflow vulnerability in GStreamer's QuickTime demuxer leads to out-of-bounds memory writes when processing malicious media files with crafted sample count values. The vulnerability affects all GStreamer versions prior to 1.24.10 and allows remote attackers to achieve arbitrary code execution without authentication by serving specially crafted media files. With a critical CVSS score of 9.8 and network-based attack vector, this presents a severe risk for applications using GStreamer for media processing.
Memory corruption while taking snapshot when an offset variable is set by camera driver. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures To have enough space to write all possible sprintf() args. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In the Linux kernel, the following vulnerability has been resolved: cdrom: rearrange last_media_change check to avoid unintentional overflow When running syzkaller with the newly reintroduced signed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
A stack-based buffer overflow vulnerability exists in GStreamer's AV1 video parsing functionality that allows remote attackers to execute arbitrary code when processing specially crafted AV1-encoded video files. The vulnerability affects all versions of GStreamer prior to the patched release and requires user interaction to exploit, such as opening a malicious video file. With a CVSS score of 8.8 and patches available since the disclosure, this represents a high-severity issue for applications using GStreamer for video processing.
A stack-based buffer overflow vulnerability exists in GStreamer's AV1 video parsing functionality that allows remote attackers to execute arbitrary code when processing specially crafted AV1 video files. The vulnerability affects all versions of GStreamer prior to the patched release and requires user interaction to exploit, though attack vectors may vary depending on implementation. With an EPSS score of 9.18% (93rd percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild, though it is not currently listed in CISA's KEV catalog.
A heap-based buffer overflow vulnerability exists in GStreamer's AV1 codec parsing functionality that allows remote attackers to execute arbitrary code. The vulnerability affects all versions of GStreamer prior to the patched release and requires user interaction to exploit, such as opening a malicious AV1 video file. With a CVSS score of 8.8 and patches available since the disclosure, this represents a high-risk vulnerability for applications using GStreamer for media processing.
A stack-based buffer overflow vulnerability in GStreamer's H265 video parsing functionality allows remote attackers to execute arbitrary code when processing maliciously crafted H265 encoded video files. The vulnerability affects all GStreamer installations and requires user interaction (such as opening a malicious video file) but can lead to full system compromise in the context of the running application. With an EPSS score of 6.22% (91st percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild, and patches are available from the vendor.
A heap-based buffer overflow vulnerability in GStreamer's SRT subtitle file parsing functionality allows remote attackers to execute arbitrary code when processing maliciously crafted SRT files. The vulnerability affects all versions of GStreamer and requires user interaction (such as opening a malicious subtitle file), making it particularly dangerous for media players and applications that use GStreamer for subtitle processing. With an EPSS score of 4.74% (89th percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild.
A heap-based buffer overflow vulnerability in GStreamer's PGS (Presentation Graphic Stream) subtitle file parser allows remote attackers to execute arbitrary code when processing malicious subtitle files. The vulnerability affects all GStreamer installations and requires user interaction to exploit, typically by opening a media file with crafted PGS subtitles. With an EPSS score of 7.71% (92nd percentile), this vulnerability represents a significant exploitation risk in the wild.
Heap-buffer overflow in libtiff's TIFFReadRGBATileExt() API allows remote unauthenticated attackers to trigger denial of service via crafted TIFF files. The vulnerability (CWE-122) has a CVSS 7.5 HIGH rating with network attack vector and low complexity, though EPSS score of 0.72% (72nd percentile) suggests moderate real-world exploitation likelihood. Vendor patches are available through Red Hat advisories and upstream GitLab merge request #546. The flaw affects libtiff library across multiple Red Hat Enterprise Linux 8.x and 9.x deployments, requiring applications that process untrusted TIFF images through this specific API function.
A heap overflow vulnerability exists in X.Org Server and Xwayland where improper memory allocation for logical button mappings allows remote attackers to execute arbitrary code with high privileges. The flaw affects multiple Linux distributions including RHEL 7, Fedora 39, and Debian 10, with a critical CVSS score of 9.8 and an EPSS score of 3.26% (87th percentile), indicating moderate real-world exploitation likelihood. Multiple security advisories have been issued by Red Hat with patches available, though no evidence of active exploitation (not in KEV) or public proof-of-concept exists.
Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.0%.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required.
A denial service vulnerability has been found on Hex Workshop affecting version 6.7, an attacker could send a command line file arguments and control the Structured Exception Handler (SEH) records. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Microsoft Message Queuing Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Windows Cryptographic Services Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Epss exploitation probability 49.4%.
Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
Windows Themes Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Microsoft AllJoyn API Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A security vulnerability exists in FBX that could lead to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Microsoft Message Queuing Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Microsoft Common Log File System Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.
handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.