Buffer Overflow

Buffer overflow in BacklinkSpeed 2.4 allows code execution via SEH chain corruption through malicious input. PoC available.

Denial-of-service in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to crash the NomadBranch.exe service by sending specially crafted UDP packets that trigger a heap buffer overflow. The vulnerability stems from an integer underflow in the UDP command handler that can be exploited without authentication or user interaction. Currently, no patch is available and the attack requires network adjacency to the affected system.

Buffer size miscalculation in Eclipse OMR port library since 0.2.0. An API function returning processor feature names has incorrect size allocation. Patch available.

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. [CVSS 7.0 HIGH]

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 26.1 and iPadOS 26.1, Pages 15.1, macOS Tahoe 26.1. [CVSS 4.3 MEDIUM]

The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. [CVSS 5.5 MEDIUM]

Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system. [CVSS 8.4 HIGH]

Zortam Mp3 Media Studio 27.60 has a buffer overflow in the library file selection dialog that allows code execution through crafted library files.

docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. [CVSS 8.4 HIGH]

YATinyWinFTP has a denial of service vulnerability allowing remote attackers to crash the FTP service by sending a 272-byte crafted packet.

10-Strike Network Inventory Explorer 8.65 has a buffer overflow in exception handling that allows remote code execution by crashing the application with crafted network data.

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. [CVSS 8.8 HIGH]

Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior.

A heap buffer over-read in iccDEV versions prior to 2.3.1.2 allows local attackers with user interaction to leak sensitive heap memory contents or crash the application when processing specially crafted ICC color profiles. The vulnerability stems from unsafe handling of non-null-terminated buffers in the strlen() function during ICC profile processing. Users of the iccDEV library should upgrade to version 2.3.1.2 to remediate this issue.

Stack-based buffer overflow in GnuPG's tpm2daemon component allows local attackers to achieve full system compromise through specially crafted PKDECRYPT commands targeting TPM-backed RSA and ECC keys. Public exploit code exists for this vulnerability, which affects GnuPG versions before 2.5.17 and impacts users of GnuPG, Gpg4win, and Stack Overflow integrations. No patch is currently available, leaving systems vulnerable to local privilege escalation and arbitrary code execution.

GnuPG's gpg-agent fails to properly validate session key sizes in S/MIME messages, allowing remote attackers to trigger a stack buffer overflow via oversized CMS EnvelopedData payloads. Public exploit code exists for this vulnerability, which affects GnuPG versions before 2.5.17 and can be weaponized for denial of service or potentially remote code execution. No patch is currently available.

Wasmtime versions 29.0.0 through 41.0.0 on x86-64 platforms with AVX contain an out-of-bounds memory read in the f64.copysign instruction compilation that can cause application crashes when signal-based traps are disabled. In configurations with disabled guard pages, this vulnerability could potentially leak out-of-sandbox data, though the data remains inaccessible to WebAssembly guests without additional Cranelift bugs. Patches are available in versions 36.0.5, 40.0.3, and 41.0.1.

xray-monolith game mod has a type confusion vulnerability.

Out-of-bounds memory read in Rinnegatamante lpp-vita before version r6 allows local attackers with user interaction to read sensitive data, modify memory, or crash the application. The vulnerability requires local access and user interaction to trigger, affecting the integrity and confidentiality of affected systems. No patch is currently available.

ixray-1.6-stcop game engine has an OOB write vulnerability.

Memory corruption in ThreadX RTOS CreateCounter() function allows local attackers with user privileges to trigger hard faults or corrupt kernel memory by exhausting the counter pool, which causes an unchecked error code to be cast as a wild pointer. The vulnerability stems from incorrect error validation logic that fails to detect counter allocation failures, enabling subsequent writes to arbitrary memory addresses. No patch is currently available.

xrdp open-source RDP server before v0.10.5 has an unauthenticated stack buffer overflow enabling remote code execution.

The function _ux_host_class_storage_media_mount() is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. [CVSS 4.2 MEDIUM]

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function. [CVSS 5.5 MEDIUM]

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive [CVSS 5.5 MEDIUM]

OpenSSL has a critical out-of-bounds write when parsing CMS AuthEnvelopedData/EnvelopedData with malicious AEAD parameters, enabling potential RCE.

Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. [CVSS 6.1 MEDIUM]

Easy CD & DVD Cover Creator 4.13 has a buffer overflow in serial number input.

A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response. [CVSS 5.3 MEDIUM]

Heap-based buffer overflow in is-Engine before version 3.3.4 allows remote attackers to cause denial of service through out-of-bounds memory writes. The vulnerability requires user interaction and network access but has no patch currently available. Affected installations should upgrade to version 3.3.4 or later to mitigate this denial of service risk.

Commander-Genius prior to pull request 358 contains an out-of-bounds write vulnerability that allows remote attackers to cause denial of service through network access without authentication or user interaction. The vulnerability stems from improper memory boundary validation in the application, enabling attackers to crash the service or potentially execute arbitrary code. No patch is currently available for this issue.

Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules). This vulnerability is associated with program files inflate.C.

Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). This vulnerability is associated with program files mongoose.C.

Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files lparser.C.

Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files ldebug.C.

Out-of-bounds Read vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files lparser.C.

Out-of-bounds Write vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C.

Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inftrees.C.

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb (src/cjson modules). This vulnerability is associated with program files cJSON.Cc.

An issue from the component luaG_runerror in dependencies/lua/src/ldebug.c in praydog/REFramework versions up to 1.5.5 is affected by out-of-bounds write.

Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in tildearrow furnace (extern/zlib modules). This vulnerability is associated with program files inflate.C.

Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in davisking dlib (dlib/external/zlib modules). This vulnerability is associated with program files inflate.C.

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine (prog/3rdPartyLibs/miniupnpc modules). This vulnerability is associated with program files upnpreplyparse.C.

Out-of-bounds Write vulnerability in neka-nat cupoch (third_party/libjpeg-turbo/libjpeg-turbo modules). This vulnerability is associated with program files tjbench.C.

Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regparse.C.

Out-of-bounds Write vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regcomp.C.

A product has an out-of-bounds write from classic buffer overflow enabling remote code execution.

Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in anyrtcIO-Community anyRTC-RTMP-OpenSource (third_party/faad2-2.7/libfaad modules). This vulnerability is associated with program files bits.C, syntax.C.

ASDA-Soft Stack-based Buffer Overflow Vulnerability [CVSS 7.8 HIGH]

A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. [CVSS 4.0 MEDIUM]

Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 via out-of-bounds write when parsing specially crafted EPRT files. An attacker can exploit this vulnerability by distributing a malicious file that executes code with user privileges upon opening. No patch is currently available.

Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 via heap overflow when parsing malicious EPRT files allows attackers to gain full system compromise upon user interaction. The vulnerability requires local file access and user action to trigger, making it a significant risk for organizations using affected SOLIDWORKS versions. No patch is currently available.

Stack-based buffer overflow in pymumu SmartDNS versions up to 47.1 within the SVBC Record Parser component allows remote attackers to cause information disclosure and limited integrity/availability impact through specially crafted DNS SVCB/HTTPS records. Exploitation requires high complexity and specific conditions, making practical attacks difficult. No patch is currently available.

Unauthenticated attackers can trigger a buffer overflow in Tenda AC23 firmware version 16.03.07.52 through the wpapsk_crypto parameter in /goform/WifiExtraSet, enabling remote code execution with full system compromise. Public exploit code is available and actively used in the wild, yet no patch has been released by the vendor. All AC23 devices running the affected firmware version are at immediate risk of complete takeover.

Out-of-bounds write in GPAC's SRT subtitle import functionality (versions up to 2.4.0) allows local attackers with user privileges to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability, and a patch is available. Local access is required to exploit this flaw, limiting the attack surface to authenticated users on the affected system.

Heap buffer overflow in iccDEV versions 2.3.1.1 and below allows remote code execution through maliciously crafted ICC color profile data submitted to the CIccTagXmlSegmentedCurve::ToXml() function. Public exploit code exists for this vulnerability, enabling attackers to achieve denial of service, data manipulation, and arbitrary code execution with no authentication required. The vulnerability affects all users of the vulnerable iccDEV library versions and has been resolved in version 2.3.1.2.

Heap buffer overflow in iccDEV versions 2.3.1.1 and below allows remote code execution when processing maliciously crafted ICC color profiles, with public exploit code currently available. An unauthenticated attacker can trigger the vulnerability through user-supplied input to the CIccTagNamedColor2::SetSize() function, enabling arbitrary code execution, denial of service, or data manipulation. The vulnerability has been patched in version 2.3.1.2.

Heap buffer overflow in iccDEV versions 2.3.1.1 and earlier allows remote code execution through maliciously crafted ICC color profiles when user input is processed by CIccMpeCalculator::Read(). Public exploit code exists for this vulnerability, enabling attackers to execute arbitrary code, cause denial of service, or manipulate application data. The vulnerability is fixed in version 2.3.1.2.

dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. [CVSS 8.4 HIGH]

ALGO 8180 has a heap-based buffer overflow in InformaCast message processing enabling remote code execution through the emergency notification protocol.

ALGO 8180 has a stack-based buffer overflow in SIP INVITE Alert-Info header processing, enabling remote code execution through the VoIP protocol.

ALGO 8180 has a stack-based buffer overflow in SIP INVITE Replaces header processing enabling remote code execution through crafted VoIP calls.

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. [CVSS 7.8 HIGH]

Sentencepiece versions below 0.2.1 are vulnerable to memory corruption when processing specially crafted model files, allowing local authenticated attackers to crash the application or potentially execute arbitrary code. This vulnerability requires a malicious model file that deviates from standard training procedures, affecting AI/ML applications that use vulnerable Sentencepiece libraries. No patch is currently available.

Tenda AX3 firmware has another stack-based buffer overflow in formGetIptv through a different input path, enabling remote code execution.

Stack-based buffer overflow in Tenda AX1803 firmware version 1.0.0.1 allows unauthenticated remote attackers to execute arbitrary code by manipulating guest network parameters in the /goform/WifiGuestSet function. Public exploit code exists for this vulnerability, and no patch is currently available. This affects devices running the vulnerable firmware with network-accessible management interfaces.

Buffer overflow in Totolik NR1800X firmware allows authenticated remote attackers to achieve complete system compromise through malformed SSID parameters in the setWizardCfg POST handler. Public exploit code is available and no patch has been released, leaving affected devices vulnerable to remote code execution. This vulnerability requires valid credentials but presents critical risk given the device's network exposure and lack of mitigation options.

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large `decimalPlaces` values to the affected String constructors or concat methods, the `dtostrf` function writes beyond fixed-size stack buffers, causing memory corruption and denial of service. Under speci...

EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. [CVSS 8.3 HIGH]

Tenda AX3 firmware has a third stack-based buffer overflow in formGetIptv, allowing unauthenticated remote code execution through the router's web interface.

GeoGebra CAS Calculator 6.0.631.0 has a denial of service vulnerability that crashes the application through uncontrolled resource consumption triggered by crafted mathematical expressions.

DD-WRT firmware version 45723 has a buffer overflow in the UPnP network discovery service allowing remote attackers to execute code on the router without authentication.

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. [CVSS 3.7 LOW]

A buffer over-read in the PublicKey::verify() method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 7.5 HIGH]

ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 8.1 HIGH]

FreeRDP versions before 3.21.0 contain a buffer overflow in FastGlyph parsing where a malicious Remote Desktop server can crash the client by sending specially crafted glyph data that bypasses length validation. A remote attacker can exploit this vulnerability without authentication to cause denial of service, and public exploit code exists. The vulnerability affects FreeRDP clients connecting to untrusted or compromised RDP servers, with no patch currently available for most deployments.

FreeRDP prior to 3.21.0 contains a client-side heap buffer overflow in session data processing, the fifth in a series of seven critical heap overflows fixed in version 3.21.0.

FreeRDP prior to 3.21.0 has another client-side heap buffer overflow that can be exploited by malicious RDP servers to achieve remote code execution on connected clients.

FreeRDP prior to 3.21.0 has a client-side heap buffer overflow that can be triggered by a malicious RDP server during session data processing, enabling remote code execution.

FreeRDP prior to 3.21.0 has a heap buffer overflow in ClearCodec glyph data processing that allows a malicious RDP server to execute arbitrary code on connected clients.

FreeRDP prior to 3.21.0 has a heap buffer overflow in bitmap decompression (planar codec) that can be triggered by a malicious RDP server to execute code on the client.

UTT HiPER 810 router firmware 1.7.4 has a stack buffer overflow in the /goform/setNat endpoint's strcpy function, enabling remote attackers to execute arbitrary code.

Buffer overflow in Totolik LR350 firmware allows authenticated remote attackers to achieve full system compromise through malicious SSID parameters in the wizard configuration endpoint. Public exploit code is available for this vulnerability, and no patch has been released, leaving deployed devices at immediate risk. The flaw requires valid credentials but enables complete confidentiality, integrity, and availability violations with network-level access.

Stack-based buffer overflow in Totolink LR350 firmware (version 9.3.5u.6369_B20220309) allows authenticated remote attackers to achieve complete system compromise through manipulation of the ssid parameter in the WiFi configuration function. Public exploit code is available and no patch has been released, leaving affected devices vulnerable to active exploitation. The vulnerability requires valid credentials but poses critical risk due to high-impact consequences including arbitrary code execution.

Unauthenticated remote attackers can exploit a buffer overflow in the WiFi configuration function of Totolink LR350 firmware version 9.3.5u.6369_B20220309 to achieve remote code execution with full system compromise. The vulnerability exists in the ssid parameter handler of /cgi-bin/cstecgi.cgi and requires only network access to trigger, with public exploit code already available. No patch is currently available for affected devices.

Buffer overflow in Totolink LR350 firmware allows authenticated remote attackers to achieve complete system compromise through a malformed SSID parameter in the WiFi guest configuration function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

Heap-based buffer overflow in QuickJS up to version 0.11.0 within the js_typed_array_constructor_ta function allows remote attackers to corrupt memory and potentially achieve code execution with user interaction. Public exploit code exists for this vulnerability, increasing practical attack risk. A patch is available and should be applied immediately.

Buffer overflow in TOTOLIK A3700R firmware version 9.1.2u.5822_B20200513 allows authenticated remote attackers to achieve complete system compromise through manipulation of the ssid parameter in the WiFi guest configuration function. Public exploit code exists for this vulnerability and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

Remote code execution in UTT 520W firmware 1.7.7-180627 via a buffer overflow in the /goform/ConfigExceptAli endpoint allows authenticated attackers to execute arbitrary code with high privileges. Public exploit code exists for this vulnerability, and no patch is available from the vendor despite early disclosure notification. Affected organizations running vulnerable 520W devices should immediately isolate or replace equipment until a security update becomes available.