Buffer Overflow
Monthly
Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vapor is an HTTP web framework for Swift. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A critical integer overflow vulnerability in GStreamer's qtdemux element allows attackers to trigger denial of service or potentially execute arbitrary code through heap memory corruption. The vulnerability affects GStreamer versions prior to the patched releases and requires user interaction to process a malicious media file. A public proof-of-concept exploit is available, though the EPSS score indicates relatively low real-world exploitation probability at 0.06%.
A heap overflow vulnerability exists in GStreamer's matroskaparse element due to an integer overflow in the gst_matroska_decompress_data function when processing MKV files with HEADERSTRIP decompression. While the matroskaparse element lacks proper size checks making it vulnerable, the more commonly used matroskademux element has restrictions that prevent exploitation. A proof-of-concept exploit is publicly available, though the EPSS score indicates a relatively low (4%) probability of real-world exploitation.
A critical integer overflow vulnerability in the GStreamer multimedia framework's Matroska (MKV) demuxer can cause denial of service or potentially enable heap memory corruption when processing specially crafted MKV files with LZO compression. The vulnerability affects GStreamer versions prior to the patched releases and has been assigned a high CVSS score of 7.8, with proof-of-concept code publicly available. While the EPSS score indicates relatively low exploitation probability at 0.06%, the availability of public exploit code and the widespread use of GStreamer in multimedia applications makes this a significant concern for affected systems.
An integer overflow vulnerability in GStreamer's matroska demuxer can cause denial of service through segmentation faults or potentially allow heap memory corruption when processing malformed MKV files with bzip compression. The vulnerability affects GStreamer versions prior to patches released in 2022, with proof-of-concept exploits publicly available and an EPSS score of 0.04% indicating low but non-zero exploitation probability. While not currently in CISA's KEV catalog, the vulnerability requires only local access with user interaction to exploit, achieving high impact across confidentiality, integrity, and availability.
An integer overflow vulnerability in GStreamer's Matroska demuxer can cause denial of service or potentially heap memory corruption when processing specially crafted MKV files with zlib-compressed data. The vulnerability affects GStreamer versions prior to the patched releases and requires local access with user interaction to exploit. A public proof-of-concept exploit is available, though the EPSS score indicates relatively low real-world exploitation likelihood at 0.06%.
GStreamer versions prior to 1.18.4 contain an out-of-bounds read vulnerability when processing malformed ID3v2 tags, potentially leading to denial of service through information disclosure or application crash. The vulnerability affects GStreamer itself and multiple NetApp products (Active IQ Unified Manager, E-Series Santricity, OnCommand suite, and HCI Management Node) that embed or depend on GStreamer libraries. An attacker can trigger this vulnerability by crafting a malicious audio file with specially formatted ID3v2 metadata and providing it to an application that uses the affected GStreamer library, though the EPSS score of 0.13% (32nd percentile) suggests limited real-world exploitation likelihood despite the moderate CVSS 5.5 rating.
A heap-based buffer overflow vulnerability exists in GStreamer's RTSP connection parser that allows remote attackers to execute arbitrary code by sending a specially crafted response from a malicious RTSP server. The vulnerability affects all GStreamer versions prior to 1.16.0 and requires user interaction (connecting to a malicious server), with a CVSS score of 8.8 indicating high severity. While no active exploitation has been confirmed (not in KEV), the vulnerability has been publicly disclosed with security advisories available, and the attack vector is relatively straightforward for attackers with RTSP protocol knowledge.
Microsoft Office 2007 through 2016 Equation Editor (EQNEDT32.EXE) contains a memory corruption vulnerability that enables remote code execution through crafted documents, becoming the single most exploited vulnerability in the world during 2018.
Microsoft Outlook 2010 through 2016 allows security feature bypass enabling arbitrary command execution through crafted documents, exploited by APT33 (Elfin) to execute commands directly from Outlook without macro warnings.
Remote code execution in Microsoft IIS 6.0 WebDAV service allows unauthenticated attackers to execute arbitrary code by sending a specially crafted PROPFIND request with a malicious 'If' header. Confirmed actively exploited (CISA KEV) since July-August 2016, predating public disclosure by 7+ months. EPSS score of 94.43% (100th percentile) reflects widespread exploitation against legacy Windows Server 2003 R2 systems still exposed to the internet. Multiple public exploits exist including Metasploit modules, and vendor patch has been available since March 2017.
This is an out-of-bounds read vulnerability in GStreamer's gst-plugins-bad MPEG demuxer component that allows remote attackers to crash applications by sending specially crafted MPEG Program Stream Map (PSM) data. The vulnerability affects GStreamer installations across multiple Linux distributions including Debian 8.0/9.0 and Red Hat Enterprise Linux 7.x variants. With an EPSS score of 6.52% (91st percentile), this vulnerability has a moderately elevated probability of exploitation in the wild, though no active exploitation or KEV listing is indicated.
A out-of-bounds write vulnerability exists in the SAMI subtitle parser (samiparse.c) within GStreamer's gst-plugins-base library before version 1.10.3, triggered when processing maliciously crafted SMI subtitle files. The vulnerability allows remote attackers to cause a denial of service condition by crashing the application through memory corruption. With an EPSS score of 0.80% (74th percentile), patch availability from the vendor, and documented proof-of-concept files (OneNote_Manager.smi), this represents a low-to-moderate exploitation risk despite the moderate CVSS 5.5 score.
A memory safety vulnerability in GStreamer's MP4/QuickTime demuxer allows remote attackers to trigger an out-of-bounds read when processing malformed tag values in media files. The vulnerability affects GStreamer versions before 1.10.3 and can cause application crashes when parsing specially crafted MP4/MOV files. With an EPSS score of 3.13% (87th percentile), this vulnerability has moderate exploitation likelihood in the wild.
An invalid memory read vulnerability exists in the gst_aac_parse_sink_setcaps function within GStreamer's AAC audio parser component (gst-plugins-good). Remote attackers can trigger a denial of service by providing a specially crafted AAC audio file, causing the application to crash. With an EPSS score of 0.76% (73rd percentile) and low attack complexity requiring only user interaction to open a malicious file, this vulnerability represents a moderate practical risk despite the moderate CVSS 5.5 score.
A vulnerability in the ROM mappings of the NSF decoder in GStreamer 0.10.x allows remote attackers to trigger out-of-bounds memory access through crafted NSF music files, potentially leading to arbitrary code execution or denial of service. The vulnerability affects all GStreamer 0.10.x versions and requires user interaction to open a malicious NSF file. With an EPSS score of 0.48% (65th percentile) and proof-of-concept exploit code publicly available, this represents a moderate real-world risk for systems processing untrusted media files.
An integer overflow vulnerability exists in the vmnc decoder component of GStreamer that allows remote attackers to trigger a buffer overflow and crash the application. GStreamer version 1.10.0 is confirmed affected, with exploitation requiring no authentication or user interaction over the network. A public proof-of-concept exploit exists (published on Scary Beasts Security blog), and EPSS indicates a 2.41% probability of exploitation in the wild (85th percentile), making this a moderate real-world risk.
Windows Secondary Logon Service improperly processes request handles, allowing local users to escalate privileges to SYSTEM on Windows Vista through Windows 10 via a crafted application.
The Adobe Type Manager Font Driver (ATMFD.DLL) in Windows contains a memory corruption vulnerability that allows local privilege escalation, exploited by the Duqu 2.0 malware in targeted attacks against diplomatic entities.
Remote code execution in Adobe Flash Player 11.x through 18.x allows unauthenticated network attackers to execute arbitrary code via crafted Flash content exploiting a use-after-free flaw in the ByteArray class. Confirmed actively exploited (CISA KEV) in July 2015 following the Hacking Team data breach, which exposed weaponized exploit code targeting this vulnerability. With EPSS score of 93.21% (100th percentile) and publicly available proof-of-concept, this represents critical risk to unpatched Flash installations across Windows, OS X, and Linux platforms. Vendor-released patches available via Adobe APSB15-16.
Adobe Flash Player contains a heap-based buffer overflow that allows remote code execution, exploited as a zero-day in June 2015 by APT3 (a Chinese cyber espionage group) in phishing campaigns targeting aerospace and defense organizations.
Microsoft Word 2007 through 2013 and SharePoint components contain a memory corruption vulnerability in RTF processing that allows remote code execution, heavily exploited by multiple APT groups throughout 2015-2017.
Internet Explorer 6 through 11 contain a use-after-free vulnerability in CMarkup::IsConnectedToPrimaryMarkup that allows remote code execution, exploited as a zero-day in April 2014 with initial attribution to APT groups.
Microsoft Word 2003 through 2013 contain a memory corruption vulnerability in RTF file parsing that allows remote code execution, exploited as a zero-day in targeted attacks against government and military organizations.
Internet Explorer 8 through 10 contain a memory corruption vulnerability allowing remote code execution via crafted websites, used in targeted attacks against defense and aerospace organizations in 2013.
The EPATHOBJ::pprFlattenRec function in Windows win32k.sys fails to properly initialize list pointers, allowing local users to gain SYSTEM privileges through kernel-mode code execution on Windows XP through Windows 8.
Microsoft XML Core Services 3.0 through 6.0 access uninitialized memory locations, allowing remote attackers to execute code or cause memory corruption through a crafted website, actively exploited before patch availability.
Adobe Reader and Acrobat contain an unspecified U3D component vulnerability causing memory corruption that allows remote code execution, exploited as a zero-day in December 2011 through crafted PDF files.
A stack-based buffer overflow in win32k.sys RtlQueryRegistryValues function allows local privilege escalation and UAC bypass on Windows XP through Windows 7 via crafted REG_BINARY registry values.
Microsoft Office XP through 2010 and Office for Mac contain a stack-based buffer overflow in RTF parsing that allows remote code execution via crafted RTF data, widely exploited in targeted attack campaigns.
Microsoft Office Excel 2002 through 2007 and Office for Mac contain a memory corruption vulnerability triggered by a specially crafted spreadsheet with a malformed FEATHEADER record, allowing remote code execution.
Adobe Reader and Acrobat 9.x, 8.x, and 7.x contain a stack-based buffer overflow in the getIcon method of the Collab object that allows remote attackers to execute arbitrary code via a crafted PDF argument.
A critical integer overflow vulnerability exists in GStreamer's gst-plugins-base package before version 0.10.23, allowing remote attackers to execute arbitrary code through specially crafted COVERART tags in Vorbis audio files. The vulnerability triggers when base64-encoded cover art data causes an integer overflow during memory allocation, leading to a heap buffer overflow with full code execution potential. With an EPSS score of 2.82% (86th percentile) and patches available since 2009, this represents a high-severity but dated vulnerability that may still affect legacy systems.
Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vapor is an HTTP web framework for Swift. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A critical integer overflow vulnerability in GStreamer's qtdemux element allows attackers to trigger denial of service or potentially execute arbitrary code through heap memory corruption. The vulnerability affects GStreamer versions prior to the patched releases and requires user interaction to process a malicious media file. A public proof-of-concept exploit is available, though the EPSS score indicates relatively low real-world exploitation probability at 0.06%.
A heap overflow vulnerability exists in GStreamer's matroskaparse element due to an integer overflow in the gst_matroska_decompress_data function when processing MKV files with HEADERSTRIP decompression. While the matroskaparse element lacks proper size checks making it vulnerable, the more commonly used matroskademux element has restrictions that prevent exploitation. A proof-of-concept exploit is publicly available, though the EPSS score indicates a relatively low (4%) probability of real-world exploitation.
A critical integer overflow vulnerability in the GStreamer multimedia framework's Matroska (MKV) demuxer can cause denial of service or potentially enable heap memory corruption when processing specially crafted MKV files with LZO compression. The vulnerability affects GStreamer versions prior to the patched releases and has been assigned a high CVSS score of 7.8, with proof-of-concept code publicly available. While the EPSS score indicates relatively low exploitation probability at 0.06%, the availability of public exploit code and the widespread use of GStreamer in multimedia applications makes this a significant concern for affected systems.
An integer overflow vulnerability in GStreamer's matroska demuxer can cause denial of service through segmentation faults or potentially allow heap memory corruption when processing malformed MKV files with bzip compression. The vulnerability affects GStreamer versions prior to patches released in 2022, with proof-of-concept exploits publicly available and an EPSS score of 0.04% indicating low but non-zero exploitation probability. While not currently in CISA's KEV catalog, the vulnerability requires only local access with user interaction to exploit, achieving high impact across confidentiality, integrity, and availability.
An integer overflow vulnerability in GStreamer's Matroska demuxer can cause denial of service or potentially heap memory corruption when processing specially crafted MKV files with zlib-compressed data. The vulnerability affects GStreamer versions prior to the patched releases and requires local access with user interaction to exploit. A public proof-of-concept exploit is available, though the EPSS score indicates relatively low real-world exploitation likelihood at 0.06%.
GStreamer versions prior to 1.18.4 contain an out-of-bounds read vulnerability when processing malformed ID3v2 tags, potentially leading to denial of service through information disclosure or application crash. The vulnerability affects GStreamer itself and multiple NetApp products (Active IQ Unified Manager, E-Series Santricity, OnCommand suite, and HCI Management Node) that embed or depend on GStreamer libraries. An attacker can trigger this vulnerability by crafting a malicious audio file with specially formatted ID3v2 metadata and providing it to an application that uses the affected GStreamer library, though the EPSS score of 0.13% (32nd percentile) suggests limited real-world exploitation likelihood despite the moderate CVSS 5.5 rating.
A heap-based buffer overflow vulnerability exists in GStreamer's RTSP connection parser that allows remote attackers to execute arbitrary code by sending a specially crafted response from a malicious RTSP server. The vulnerability affects all GStreamer versions prior to 1.16.0 and requires user interaction (connecting to a malicious server), with a CVSS score of 8.8 indicating high severity. While no active exploitation has been confirmed (not in KEV), the vulnerability has been publicly disclosed with security advisories available, and the attack vector is relatively straightforward for attackers with RTSP protocol knowledge.
Microsoft Office 2007 through 2016 Equation Editor (EQNEDT32.EXE) contains a memory corruption vulnerability that enables remote code execution through crafted documents, becoming the single most exploited vulnerability in the world during 2018.
Microsoft Outlook 2010 through 2016 allows security feature bypass enabling arbitrary command execution through crafted documents, exploited by APT33 (Elfin) to execute commands directly from Outlook without macro warnings.
Remote code execution in Microsoft IIS 6.0 WebDAV service allows unauthenticated attackers to execute arbitrary code by sending a specially crafted PROPFIND request with a malicious 'If' header. Confirmed actively exploited (CISA KEV) since July-August 2016, predating public disclosure by 7+ months. EPSS score of 94.43% (100th percentile) reflects widespread exploitation against legacy Windows Server 2003 R2 systems still exposed to the internet. Multiple public exploits exist including Metasploit modules, and vendor patch has been available since March 2017.
This is an out-of-bounds read vulnerability in GStreamer's gst-plugins-bad MPEG demuxer component that allows remote attackers to crash applications by sending specially crafted MPEG Program Stream Map (PSM) data. The vulnerability affects GStreamer installations across multiple Linux distributions including Debian 8.0/9.0 and Red Hat Enterprise Linux 7.x variants. With an EPSS score of 6.52% (91st percentile), this vulnerability has a moderately elevated probability of exploitation in the wild, though no active exploitation or KEV listing is indicated.
A out-of-bounds write vulnerability exists in the SAMI subtitle parser (samiparse.c) within GStreamer's gst-plugins-base library before version 1.10.3, triggered when processing maliciously crafted SMI subtitle files. The vulnerability allows remote attackers to cause a denial of service condition by crashing the application through memory corruption. With an EPSS score of 0.80% (74th percentile), patch availability from the vendor, and documented proof-of-concept files (OneNote_Manager.smi), this represents a low-to-moderate exploitation risk despite the moderate CVSS 5.5 score.
A memory safety vulnerability in GStreamer's MP4/QuickTime demuxer allows remote attackers to trigger an out-of-bounds read when processing malformed tag values in media files. The vulnerability affects GStreamer versions before 1.10.3 and can cause application crashes when parsing specially crafted MP4/MOV files. With an EPSS score of 3.13% (87th percentile), this vulnerability has moderate exploitation likelihood in the wild.
An invalid memory read vulnerability exists in the gst_aac_parse_sink_setcaps function within GStreamer's AAC audio parser component (gst-plugins-good). Remote attackers can trigger a denial of service by providing a specially crafted AAC audio file, causing the application to crash. With an EPSS score of 0.76% (73rd percentile) and low attack complexity requiring only user interaction to open a malicious file, this vulnerability represents a moderate practical risk despite the moderate CVSS 5.5 score.
A vulnerability in the ROM mappings of the NSF decoder in GStreamer 0.10.x allows remote attackers to trigger out-of-bounds memory access through crafted NSF music files, potentially leading to arbitrary code execution or denial of service. The vulnerability affects all GStreamer 0.10.x versions and requires user interaction to open a malicious NSF file. With an EPSS score of 0.48% (65th percentile) and proof-of-concept exploit code publicly available, this represents a moderate real-world risk for systems processing untrusted media files.
An integer overflow vulnerability exists in the vmnc decoder component of GStreamer that allows remote attackers to trigger a buffer overflow and crash the application. GStreamer version 1.10.0 is confirmed affected, with exploitation requiring no authentication or user interaction over the network. A public proof-of-concept exploit exists (published on Scary Beasts Security blog), and EPSS indicates a 2.41% probability of exploitation in the wild (85th percentile), making this a moderate real-world risk.
Windows Secondary Logon Service improperly processes request handles, allowing local users to escalate privileges to SYSTEM on Windows Vista through Windows 10 via a crafted application.
The Adobe Type Manager Font Driver (ATMFD.DLL) in Windows contains a memory corruption vulnerability that allows local privilege escalation, exploited by the Duqu 2.0 malware in targeted attacks against diplomatic entities.
Remote code execution in Adobe Flash Player 11.x through 18.x allows unauthenticated network attackers to execute arbitrary code via crafted Flash content exploiting a use-after-free flaw in the ByteArray class. Confirmed actively exploited (CISA KEV) in July 2015 following the Hacking Team data breach, which exposed weaponized exploit code targeting this vulnerability. With EPSS score of 93.21% (100th percentile) and publicly available proof-of-concept, this represents critical risk to unpatched Flash installations across Windows, OS X, and Linux platforms. Vendor-released patches available via Adobe APSB15-16.
Adobe Flash Player contains a heap-based buffer overflow that allows remote code execution, exploited as a zero-day in June 2015 by APT3 (a Chinese cyber espionage group) in phishing campaigns targeting aerospace and defense organizations.
Microsoft Word 2007 through 2013 and SharePoint components contain a memory corruption vulnerability in RTF processing that allows remote code execution, heavily exploited by multiple APT groups throughout 2015-2017.
Internet Explorer 6 through 11 contain a use-after-free vulnerability in CMarkup::IsConnectedToPrimaryMarkup that allows remote code execution, exploited as a zero-day in April 2014 with initial attribution to APT groups.
Microsoft Word 2003 through 2013 contain a memory corruption vulnerability in RTF file parsing that allows remote code execution, exploited as a zero-day in targeted attacks against government and military organizations.
Internet Explorer 8 through 10 contain a memory corruption vulnerability allowing remote code execution via crafted websites, used in targeted attacks against defense and aerospace organizations in 2013.
The EPATHOBJ::pprFlattenRec function in Windows win32k.sys fails to properly initialize list pointers, allowing local users to gain SYSTEM privileges through kernel-mode code execution on Windows XP through Windows 8.
Microsoft XML Core Services 3.0 through 6.0 access uninitialized memory locations, allowing remote attackers to execute code or cause memory corruption through a crafted website, actively exploited before patch availability.
Adobe Reader and Acrobat contain an unspecified U3D component vulnerability causing memory corruption that allows remote code execution, exploited as a zero-day in December 2011 through crafted PDF files.
A stack-based buffer overflow in win32k.sys RtlQueryRegistryValues function allows local privilege escalation and UAC bypass on Windows XP through Windows 7 via crafted REG_BINARY registry values.
Microsoft Office XP through 2010 and Office for Mac contain a stack-based buffer overflow in RTF parsing that allows remote code execution via crafted RTF data, widely exploited in targeted attack campaigns.
Microsoft Office Excel 2002 through 2007 and Office for Mac contain a memory corruption vulnerability triggered by a specially crafted spreadsheet with a malformed FEATHEADER record, allowing remote code execution.
Adobe Reader and Acrobat 9.x, 8.x, and 7.x contain a stack-based buffer overflow in the getIcon method of the Collab object that allows remote attackers to execute arbitrary code via a crafted PDF argument.
A critical integer overflow vulnerability exists in GStreamer's gst-plugins-base package before version 0.10.23, allowing remote attackers to execute arbitrary code through specially crafted COVERART tags in Vorbis audio files. The vulnerability triggers when base64-encoded cover art data causes an integer overflow during memory allocation, leading to a heap buffer overflow with full code execution potential. With an EPSS score of 2.82% (86th percentile) and patches available since 2009, this represents a high-severity but dated vulnerability that may still affect legacy systems.