Skip to main content

Openfpgaloader

2 CVEs product

Monthly

CVE-2026-35176 HIGH This Week

Heap buffer overflow in openFPGALoader 1.1.1 and earlier allows local attackers to read sensitive heap memory and cause denial-of-service by supplying a maliciously crafted .pof FPGA bitstream file. The vulnerability triggers during POF file parsing without requiring physical FPGA hardware, enabling information disclosure (high confidentiality impact) and application crashes (high availability impact). EPSS data not available; no public exploit identified at time of analysis, though GitHub security advisory confirms the flaw in open-source FPGA programming utility used by hardware developers and researchers.

Buffer Overflow Information Disclosure Openfpgaloader
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-35170 HIGH This Week

Heap-buffer-overflow in openFPGALoader 1.1.1 and earlier allows local attackers to trigger information disclosure and denial-of-service through maliciously crafted .bit FPGA configuration files. The vulnerability requires user interaction (opening a malicious file) but requires no authentication or FPGA hardware. CVSS base score is 7.1 (High). No public exploit identified at time of analysis, though proof-of-concept development is feasible given the specific vulnerability class and file format parsing context. EPSS data not available.

Buffer Overflow Information Disclosure Openfpgaloader
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

Heap buffer overflow in openFPGALoader 1.1.1 and earlier allows local attackers to read sensitive heap memory and cause denial-of-service by supplying a maliciously crafted .pof FPGA bitstream file. The vulnerability triggers during POF file parsing without requiring physical FPGA hardware, enabling information disclosure (high confidentiality impact) and application crashes (high availability impact). EPSS data not available; no public exploit identified at time of analysis, though GitHub security advisory confirms the flaw in open-source FPGA programming utility used by hardware developers and researchers.

Buffer Overflow Information Disclosure Openfpgaloader
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Heap-buffer-overflow in openFPGALoader 1.1.1 and earlier allows local attackers to trigger information disclosure and denial-of-service through maliciously crafted .bit FPGA configuration files. The vulnerability requires user interaction (opening a malicious file) but requires no authentication or FPGA hardware. CVSS base score is 7.1 (High). No public exploit identified at time of analysis, though proof-of-concept development is feasible given the specific vulnerability class and file format parsing context. EPSS data not available.

Buffer Overflow Information Disclosure Openfpgaloader
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy