Skip to main content

Buffer Overflow

memory HIGH

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions.

How It Works

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions. This overwrites whatever data or code exists there, corrupting program state and potentially giving attackers control over execution flow.

Stack-based overflows are the most common variant. When a function allocates a fixed-size buffer on the stack and then copies user-controlled input without proper bounds checking, attackers can overflow past the buffer to overwrite the function's return address. When the function completes, instead of returning to legitimate code, execution jumps to attacker-specified memory containing malicious shellcode. Heap-based overflows work differently—they corrupt heap metadata like chunk size fields or free list pointers, leading to arbitrary memory writes when the allocator processes the corrupted structures.

Modern exploitation bypasses defensive mechanisms through techniques like Return-Oriented Programming (ROP), which chains together existing code snippets to avoid non-executable memory protections. Attackers may also use heap spraying to reliably position shellcode at predictable addresses, defeating address randomization.

Impact

  • Remote code execution — attacker gains ability to run arbitrary commands with the privileges of the vulnerable process
  • Privilege escalation — exploiting kernel or setuid program overflows to gain root/SYSTEM access
  • Denial of service — crashes and memory corruption that render systems unusable
  • Information disclosure — reading sensitive data from adjacent memory regions that should be inaccessible
  • Authentication bypass — overwriting security-critical variables like permission flags or user IDs

Real-World Examples

Fortinet FortiOS suffered a critical buffer overflow (CVE-2025-32756) that allowed unauthenticated remote attackers to execute code as root on firewalls and VPN gateways. Attackers actively exploited this to compromise enterprise network perimeters before patches were available.

The Slammer worm from 2003 exploited a stack overflow in Microsoft SQL Server, spreading to 75,000 hosts in ten minutes by sending a single malformed UDP packet that overwrote the return address with shellcode. No authentication was required.

OpenSSH historically contained a heap overflow in challenge-response authentication that allowed pre-authentication remote root compromise on Unix systems, demonstrating how memory corruption in privileged network services creates maximum impact scenarios.

Mitigation

  • Memory-safe languages — Rust, Go, and modern managed languages prevent buffer overflows by design through automatic bounds checking
  • Stack canaries — random values placed before return addresses that detect corruption before control transfer
  • Address Space Layout Randomization (ASLR) — randomizes memory locations making exploitation less reliable
  • Data Execution Prevention (DEP/NX) — marks memory regions as non-executable, preventing direct shellcode execution
  • Bounds checking — validate input sizes before copying, use safe functions like strncpy instead of strcpy
  • Fuzzing and static analysis — automated testing to discover overflows before deployment

Recent CVEs (36137)

EPSS 0% CVSS 8.6
HIGH POC This Week

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Stack-based buffer overflow in Investintech SlimPDFReader ≤2.0.13 enables remote code execution when victims open malicious PDF files. The vulnerability exists in the sub_3B4610 function of SlimPDFReader.exe and requires no authentication but depends on user interaction (opening crafted PDF). Public exploit code is available via Fraunhofer SIT, significantly lowering attacker barrier. The vendor has discontinued the product with no remediation planned, leaving users with no official patch and requiring migration to alternative PDF readers.

Buffer Overflow Stack Overflow Slimpdfreader
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Libbabl
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Internet Download Manager
NVD Exploit-DB
EPSS 0% CVSS 8.7
HIGH This Week

Memory corruption in radare2 6.1.5's GDB client allows remote attackers to crash the application or potentially execute code through malformed thread information responses. The vulnerability triggers when the GDB remote protocol's qsThreadInfo command fails after qfThreadInfo has allocated memory, causing a use-after-free condition. While no public exploits have been identified, the CVSS 8.7 score reflects the potential for remote unauthenticated denial of service impact.

Denial Of Service RCE Buffer Overflow +3
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service vulnerability in coreMQTT versions before 5.0.1 allows remote MQTT brokers to crash client applications through malformed MQTT v5.0 property packets. The vulnerability stems from missing bounds validation in the property parser, enabling out-of-bounds read conditions (CWE-125). Amazon Web Services has issued a security bulletin and released version 5.0.1 to address this issue.

Buffer Overflow Information Disclosure Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote attackers can trigger memory corruption in radare2 6.1.5 through its GDB remote debugging interface, causing denial of service or potentially achieving code execution. The use-after-free vulnerability in gdbr_threads_list() occurs when processing a valid qfThreadInfo response followed by a malformed qsThreadInfo response, leading to improper memory management. VulnCheck reported this issue and vendor patch commit c213ad6894a1eb9086ac8bf5fae35757e9e1683c addresses the vulnerability.

Denial Of Service RCE Buffer Overflow +3
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Heap buffer overflow in Imager for Perl versions through 1.030 allows remote attackers to corrupt memory and potentially read limited data via specially crafted multi-frame GIF files. The vulnerability stems from missing bounds validation in the skip-image code path of i_readgif_multi_low(), which reuses a fixed-size buffer allocated for the GIF's global screen width without checking if subsequent image frames exceed these dimensions. Vendor-released patch available in version 1.031. CVSS 6.5 indicates network-accessible exploitation requiring no authentication or user interaction, though the impact is limited to low confidentiality/integrity with no availability disruption. No public exploit identified at time of analysis.

Buffer Overflow Memory Corruption Imager
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Heap buffer overflow in Imager::File::GIF (Perl image processing library) versions through 1.002 allows local attackers to corrupt memory via specially crafted multi-frame GIF files. The vulnerability stems from missing boundary validation in the skip-image code path, which writes image data beyond allocated buffer boundaries when processing malformed GIF frames. With EPSS score at 0.02% (5th percentile) and no evidence of active exploitation, this represents a low-probability supply chain risk for Perl applications processing untrusted GIF files. Patch released in version 1.003.

Buffer Overflow Memory Corruption Imager
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Out-of-bounds write in Huawei HarmonyOS and EMUI distributed file system module allows authenticated local attackers to corrupt memory, potentially affecting system availability and integrity. CVSS 6.8 reflects adjacent network access requirement and low attack complexity, but exploitation requires prior authentication and local network presence. No public exploit code or active exploitation confirmed at time of analysis.

Memory Corruption Buffer Overflow Emui
NVD VulDB
EPSS 0% CVSS 2.8
LOW Monitor

Stack overflow in Huawei HarmonyOS media platform allows local authenticated users to cause denial of service through a crafted media file that triggers stack memory exhaustion. The vulnerability requires user interaction and authenticated access (CVSS PR:L), limiting its real-world severity despite affecting availability. No public exploit code or active exploitation has been identified at the time of analysis.

Stack Overflow Buffer Overflow
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds read and buffer overflow in the Linux kernel's ksmbd SMB server allows authenticated remote attackers to corrupt memory or read past allocated buffers by sending a malformed inheritable ACE with an inflated num_subauth value. The flaw resides in smb_inherit_dacl() and smb_set_ace(), where the variable-length SID is not bounds-checked during DACL inheritance, enabling heap corruption with potential for remote code execution against any SMB server using ksmbd. EPSS is very low (0.02%) and no public exploit identified at time of analysis, but the vendor patch is available across multiple stable branches.

Linux Buffer Overflow Memory Corruption
NVD VulDB
EPSS 0% CVSS 1.8
LOW Monitor

An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of. Rated low severity (CVSS 1.8). No vendor patch available.

Buffer Overflow Information Disclosure Amd Instinct Mi300X +3
NVD
EPSS 0% CVSS 2.0
LOW Monitor

A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context.

Buffer Overflow Amd Radeon Pro V620 Amd Radeon Pro V710 +6
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Out-of-bounds read in power management firmware affects AMD Ryzen AI, Ryzen 7000/8000 series mobile processors, Ryzen 8000 desktop processors, embedded processors, and Radeon graphics products. A local attacker with low privileges can read sensitive firmware data, potentially disclosing confidential information and causing availability degradation. CVSS 4.8 (low severity) reflects limited privilege requirements and contained impact, though the vulnerability affects a broad processor family.

Information Disclosure Buffer Overflow Amd Ryzen Al Max +7
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in. Rated high severity (CVSS 8.8). No vendor patch available.

Buffer Overflow Amd RCE
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Buffer overflow in AMD GPU driver IOCTL handler enables local privilege escalation to root on Linux systems running AMD Instinct or Radeon Pro GPUs. Authenticated local users with low privileges can exploit an out-of-bounds write vulnerability in the AMDGV_CMD_GET_DIAG_DATA IOCTL to achieve arbitrary kernel code execution. EPSS data not available; no public exploit or CISA KEV listing identified at time of analysis, suggesting limited active exploitation despite high CVSS 8.5 severity.

Amd Memory Corruption Buffer Overflow +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Out-of-bounds read in AMD Secure Processor TEE SOC Driver allows high-privileged local attackers to trigger memory exposure or denial of service via malformed SR-IOV commands on Radeon RX 6000/7000, Pro W6000/W7000, and Instinct MI-series GPUs. Insufficient parameter sanitization in the DRV_SOC_CMD_ID_LOAD_GFX_IP_FW command handler permits crafted input to bypass bounds checks, exposing SOC Driver memory or causing exceptions. Attack requires high privilege level (PR:H) and local access (AV:L), limiting real-world exploitation to compromised administrative contexts or supply-chain scenarios.

Information Disclosure Buffer Overflow Amd
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege escalation in AMD Platform Management Framework (PMF) allows authenticated attackers with low privileges to execute arbitrary code with elevated system privileges through an out-of-bounds write vulnerability. Affects multiple AMD Ryzen processor series (6000, 7035, 7040, 8040, and Embedded R8000) across mobile and embedded platforms. The CVSS 4.0 score of 8.4 reflects high impact to system integrity and availability with changed scope, indicating the attacker can escape the vulnerable component's security context. No active exploitation confirmed in CISA KEV at time of analysis, and public exploit code availability is not indicated in current intelligence.

Amd Memory Corruption Buffer Overflow +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Buffer overflow in AMD Sensor Fusion Hub Driver allows local authenticated attackers to write out of bounds, causing denial of service or system crash. The vulnerability affects multiple Ryzen processor families (4000, 5000, 7000, 7020, 7030, 7035, 7040 series and Ryzen AI 300 series) with Radeon integrated graphics across Windows mobile and desktop platforms. No active exploitation has been confirmed at time of analysis.

Denial Of Service Amd Buffer Overflow
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Out-of-bounds read in AMD Platform Management Framework (PMF) allows authenticated local attackers to read arbitrary memory locations, potentially disclosing sensitive information or causing availability loss on affected Ryzen processors. The vulnerability requires local access and low privileges but can be triggered without user interaction. AMD released a security bulletin (AMD-SB-4015) describing the issue; active exploitation status not confirmed at time of analysis.

Information Disclosure Buffer Overflow Amd
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Out-of-bounds write in the AMD Platform Management Framework (PMF) Driver enables local authenticated users to escalate privileges on AMD Ryzen 6000/7000/8000 series processors. The vulnerability stems from improper input validation (CWE-787) allowing memory corruption beyond allocated buffer boundaries. Exploitation requires low-privilege local access with low attack complexity (CVSS 4.0: AV:L/AC:L/PR:L), making this a realistic post-compromise escalation vector. AMD released chipset driver version 7.06.02.123 addressing all affected Ryzen series. No public exploit or active exploitation confirmed at time of analysis.

Privilege Escalation Amd Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Improper input validation in the AMD Platform Management Framework (PMF) driver allows local authenticated attackers to read out-of-bounds memory, resulting in information disclosure or denial of service. The vulnerability affects multiple Ryzen processor families (7035, 7040, 8040, 6000 series, and Embedded 8000) and requires local access with limited privileges to exploit.

Information Disclosure Buffer Overflow Amd
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Out-of-bounds read/write in AMD Platform Management Framework (PMF) driver allows local authenticated users to escalate privileges on Ryzen 6000/7000/8000 series processors. AMD has released patched chipset software version 7.06.02.123 addressing the improper input validation vulnerability. No public exploit code identified and CISA has not added this to KEV, indicating exploitation is not yet confirmed in real-world attacks despite the high CVSS score. Attackers must already have local system access with standard user privileges to exploit this vulnerability.

Privilege Escalation Amd Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Buffer overflow in the AMD Secure Processor (ASP) PCI driver affects dozens of AMD Ryzen, EPYC, and Threadripper processor families across desktop, mobile, and embedded variants. Local attackers with user-level privileges can trigger improper input validation in the driver to cause a crash or denial of service, with potential for integrity impact. The vulnerability requires local access and authenticated user privileges; no active exploitation in the wild has been confirmed, and vendor-released patches are available.

Denial Of Service Amd Buffer Overflow
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Amd Buffer Overflow
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Integer overflow in libyang's lyb_read_string() function leads to heap buffer overflow during LYB binary parsing, enabling remote denial-of-service attacks against NETCONF servers, sysrepo, and other YANG data consumers. The vulnerability (CWE-190) allows unauthenticated attackers to crash services by supplying maliciously crafted LYB blobs over network connections. Fixed in version SO 5.2.15. CVSS 7.5 (High) with network attack vector and low complexity, though currently limited to availability impact. No active exploitation confirmed (not in CISA KEV); public exploit code status unknown.

Integer Overflow Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap buffer overflow in libsixel versions up to 1.8.7-r1 enables local attackers to corrupt memory and potentially execute code by supplying maliciously crafted SIXEL image data. A signed integer overflow in the SIXEL parser's buffer resizing logic bypasses allocation size checks, allowing out-of-bounds writes with attacker-controlled offsets. The vulnerability requires user interaction to process a malicious SIXEL file but does not require authentication. Fixed in version 1.8.7-r2. No active exploitation confirmed (not in CISA KEV); public exploit code status unknown.

Integer Overflow Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Heap buffer overflow in libsixel 1.8.7-r1 and earlier allows local attackers to execute arbitrary code or crash the application when encoding images with dimensions exceeding 2.15 billion pixels. The sixel_encode_highcolor function contains a signed integer overflow in allocation size calculation that wraps to a small value, causing malloc to succeed with an undersized buffer that the encoder subsequently overflows. Fixed in version 1.8.7-r2. No CISA KEV listing or public exploit code identified at time of analysis, with EPSS exploitation probability presumably low given the highly specific triggering conditions.

Heap Overflow Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Google Chrome on Linux versions prior to 148.0.7778.168 suffers from an out-of-bounds read vulnerability in GPU processing that enables cross-origin data leakage. An attacker who has already compromised the renderer process can craft malicious HTML to read sensitive memory beyond allocated bounds, exposing data from other origins that should be isolated by the browser's same-origin policy. EPSS exploitation probability is very low (0.03%, 10th percentile) and no active exploitation or public POC has been identified. Google rates this Medium severity and released patch 148.0.7778.168 to address the issue.

Google Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

Microsoft Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

Google Memory Corruption Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)

Microsoft Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Heap Overflow Google Apple +3
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Microsoft Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Heap Overflow Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Microsoft Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted JPEG file. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Buffer Overflow Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Heap Overflow Google Microsoft +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: High)

Heap Overflow Google RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Heap Overflow Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Microsoft Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Microsoft Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Heap Overflow Google RCE +4
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Heap buffer overflow in OpenImageIO's SGI image decoder allows arbitrary code execution via specially crafted .sgi files. Affects versions before 3.0.18.0 and 3.1.13.0 when processing malicious SGI images with invalid RLE compression parameters. Publicly available exploit code exists (SSVC POC status confirmed). Attack requires local file access and user interaction to open the malicious file, but CVSS 8.4 reflects high impact potential (code execution) in VFX/animation production environments where SGI format handling is common. EPSS data unavailable, not listed in CISA KEV.

Memory Corruption Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Heap buffer overflow in OpenImageIO versions before 3.0.18.0 and 3.1.13.0 allows local attackers to corrupt up to 65,535 bytes of memory via malicious Softimage .pic files. The vulnerability arises when processing RLE-compressed images where run-length validation is missing in two code paths (softimageinput.cpp lines 469 and 345), though the raw packet path correctly implements bounds checking. EPSS data not available. Not listed in CISA KEV. Patches released by Academy Software Foundation in versions 3.0.18.0 and 3.1.13.0.

Memory Corruption Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap overflow in OpenImageIO's JPEG 2000 decoder allows local attackers with malicious image files to execute arbitrary code. Affects versions before 3.0.18.0 and 3.1.x before 3.1.13.0 when compiled with USE_OPENJPH flag. Integer overflow in buffer size calculation causes undersized heap allocation, leading to memory corruption during pixel writes. No public exploit identified at time of analysis, but SSVC framework indicates POC exists. Vendor-released patches available in versions 3.0.18.0 and 3.1.13.0.

Integer Overflow Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Integer overflow in OpenImageIO TGA image decoder allows local attackers to trigger out-of-bounds buffer read and denial of service. When processing TGA image files, the bounds check in TGAInput::decode_pixel computes k + palbytespp using unsigned 32-bit arithmetic; specifically, when k equals 0xFFFFFFFC and palbytespp equals 4, the sum wraps to zero, bypassing the palette size validation. The subsequent palette access then uses the unwrapped value as an array index, reading approximately 4 GB past the palette buffer start, causing a segmentation fault. Affects OpenImageIO versions prior to 3.0.18.0 and 3.1.13.0; requires local file access and user interaction to open a malicious TGA file. CVSS score of 5.5 reflects local-only attack vector with high availability impact but no confidentiality or integrity impact.

Information Disclosure Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Heap buffer overflow in OpenImageIO 3.0.x (before 3.0.18.0) and 3.1.x (before 3.1.13.0) allows remote attackers to achieve denial of service or potentially arbitrary code execution via crafted DPX image files. The vulnerability stems from signed integer overflow in buffer size calculations within the DPX color converter, causing undersized heap allocations. Attack requires victim to open a malicious DPX file (user interaction required per CVSS UI:R). No public exploit code or active exploitation confirmed at time of analysis, though the technical details in the GitHub advisory provide sufficient detail for proof-of-concept development.

Integer Overflow Denial Of Service RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds write in OpenImageIO versions prior to 3.0.18.0 and 3.1.13.0 allows remote attackers to crash applications or potentially execute arbitrary code by delivering maliciously crafted CbYCrY image files. A signed integer overflow in the ConvertCbYCrYToRGB() pixel-loop calculation generates large negative pointer offsets, corrupting memory during image processing. EPSS data not available; no evidence of active exploitation (not in CISA KEV); exploitation requires user interaction to process attacker-supplied image files.

Integer Overflow Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in OpenImageIO versions before 3.0.18.0 and 3.1.13.0 allows unauthenticated attackers to achieve arbitrary read/write memory access by delivering a maliciously crafted kABGR DPX image file with oversized dimensions. The signed integer overflow in SwapRGBABytes() creates a negative pointer offset that enables both out-of-bounds read via memcpy and subsequent out-of-bounds writes, potentially leading to code execution when a user opens the malicious image. EPSS data not available; no confirmed active exploitation (not in CISA KEV), though the vendor-disclosed nature and VFX industry targeting suggests focused adversary interest in content creation pipelines.

Information Disclosure Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Heap-based buffer overflow in OpenImageIO's HEIF decoder enables arbitrary code execution via crafted image files. Affects OpenImageIO versions prior to 3.0.18.0 and 3.1.13.0. Exploitation requires local access and user interaction (opening a malicious image file), but no authentication. Attack complexity is low once the malicious file is delivered. Vendor-released patches available in versions 3.0.18.0 and 3.1.13.0. No confirmed active exploitation (not listed in CISA KEV) and no public POC identified at time of analysis, though the technical details suggest straightforward exploitation once the attacker can deliver a crafted HEIF image to a target user.

Heap Overflow RCE Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Stack buffer overflow in PostgreSQL's refint module allows low-privileged database users to execute arbitrary code as the database operating system user across all supported versions before 14.23, 15.18, 16.14, 17.10, and 18.4. The vulnerability enables two distinct attack paths: direct stack overflow leading to OS-level code execution, and SQL injection when applications expose user-controlled columns configured as refint cascade primary keys. With CVSS 8.8 (AV:N/AC:L/PR:L) and network-based exploitation requiring only low-privilege database credentials, this represents a critical privilege escalation risk for PostgreSQL deployments. No active exploitation (CISA KEV) or public POC identified at time of analysis.

Stack Overflow SQLi Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Buffer over-read in PostgreSQL 18.0 through 18.3 allows authenticated table maintainers to infer sensitive memory contents by exploiting mismatched array lengths in the pg_restore_attribute_stats() function during query planning. The vulnerability requires authenticated database access and table maintenance privileges but enables information disclosure without modifying data or causing service disruption.

PostgreSQL Buffer Overflow Suse +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Uncontrolled recursion in Apache Commons Configuration 2.2 through 2.14.x allows remote attackers to trigger a denial of service via StackOverflowError when processing YAML configuration files containing cyclic object references. The vulnerability affects any application using the library to parse untrusted YAML input without validation, with CVSS 5.3 (network-accessible, no authentication required) but exceptionally low exploitation probability (EPSS 0.02%, percentile 5%), indicating this is primarily a defensive hardening fix rather than an actively exploited threat.

Apache Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Integer overflow in simdjson's string_builder::escape_and_append() function allows out-of-bounds memory reads in SIMD routines when processing very large input strings on 32-bit platforms, potentially resulting in information disclosure or memory corruption. The vulnerability affects all versions before 4.6.4 and has been patched by the vendor.

Integer Overflow Information Disclosure Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Buffer overflow in Palo Alto Networks GlobalProtect App (versions 6.0 through 6.3) allows an adjacent-network attacker positioned as a man-in-the-middle to corrupt memory during Portal/Gateway message processing, potentially executing arbitrary code with SYSTEM privileges on affected endpoints. Affected platforms include Windows (including the UWP variant), macOS, and other non-iOS clients; iOS is explicitly excluded by the vendor. No public exploit identified at time of analysis - EPSS stands at 0.01% and SSVC confirms no current exploitation - however the SSVC technical impact rating of 'total' and potential for full SYSTEM-level compromise justify prioritized patching for endpoints connecting from untrusted networks.

Memory Corruption RCE Apple +4
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Remote code execution and denial-of-service in Palo Alto Networks PAN-OS software stems from a buffer overflow in the IKEv2 processing path, allowing unauthenticated network attackers to either crash the firewall or run arbitrary code with elevated privileges. The flaw affects multiple PAN-OS branches (11.1.x, 11.2.x, and 12.1.x) while Panorama, Cloud NGFW, and Prisma Access remain unaffected. There is no public exploit identified at time of analysis, EPSS sits at a low 0.06% (19th percentile), and CISA SSVC currently lists exploitation as 'none'.

Memory Corruption RCE Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Heap-based buffer overflow in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to trigger a denial-of-service condition across all PAN-OS platforms (except Cloud NGFW and Prisma Access) and potentially achieve arbitrary code execution on PA-Series hardware appliances via specially crafted network traffic. The flaw is rated CVSS 7.2 with high attack complexity; no public exploit identified at time of analysis and EPSS is 0.07%, but the technical impact is rated total by SSVC.

Heap Overflow RCE Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM This Month

Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the AP_InertialSensor_ADIS1647x.cpp,. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial-of-service attacks against striso-control-firmware commit 54c9722 via buffer overflow in AuxJack function allow unauthenticated network attackers to crash the device. Despite the high CVSS 7.5 severity, impact is limited to availability (no code execution, data theft, or privilege escalation), and the vulnerability affects an unversioned development commit of specialized musical instrument firmware with a narrow user base. No public exploit code or active exploitation indicators identified at time of analysis.

Stack Overflow Buffer Overflow
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial-of-service attack against striso-control-firmware commit 54c9722 allows network attackers to crash the device through a buffer overflow in the ThreadReadButtons function, resulting in complete service unavailability. CVSS 7.5 High severity with network attack vector requiring no authentication or user interaction. EPSS and KEV data not available; no public exploit code identified at time of analysis, though technical details disclosed in GitHub issue #5 could facilitate development.

Stack Overflow Buffer Overflow
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_SmartAudio::loop,. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow
NVD GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Heap buffer over-read in NGINX's ngx_http_charset_module allows unauthenticated remote attackers to leak sensitive memory or crash worker processes when specific configuration directives (charset, source_charset, charset_map, and proxy_pass with buffering disabled) are combined. The vulnerability requires attacker-controlled conditions that depend on factors outside the attacker's control, limiting exploitability but creating real risk for affected deployments. CVSS 4.8 reflects the conditional nature of exploitation and limited scope of impact (information disclosure or availability).

Information Disclosure Buffer Overflow Nginx +2
NVD VulDB
EPSS 0% 5.3 CVSS 9.2
CRITICAL POC PATCH Act Now

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows remote attackers to crash worker processes and potentially execute code on systems without ASLR. The vulnerability requires specific rewrite directive configurations using PCRE captures with question marks in replacement strings, combined with attacker-crafted HTTP requests and conditions beyond the attacker's control. F5 has released patches addressing this critical flaw. EPSS data unavailable; no KEV listing or public exploit identified at time of analysis, though the specific configuration requirements and dependency on external conditions likely limit widespread exploitation despite the 9.2 CVSS score.

Heap Overflow RCE Buffer Overflow +3
NVD GitHub VulDB HeroDevs
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote denial-of-service in F5 BIG-IP allows unauthenticated attackers to crash the Traffic Management Microkernel (TMM) by sending specially crafted UDP requests to virtual servers with classification profiles enabled. The vulnerability affects BIG-IP, BIG-IP Next CNF, and BIG-IP Next for Kubernetes platforms. No public exploit identified at time of analysis, with EPSS data unavailable for this recent CVE. Vendor-released patch available per F5 advisory K000158038.

Stack Overflow Buffer Overflow Big Ip +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Privilege escalation in F5 BIG-IP allows authenticated administrators to cross security boundaries and achieve elevated system access through a stack buffer overflow. The vulnerability affects all BIG-IP versions and requires high-privilege administrative credentials and direct network access to exploit. No public exploit code or active exploitation has been identified at time of analysis, but a vendor patch is available.

Stack Overflow Buffer Overflow Big Ip
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote denial of service in F5 BIG-IP Access Policy Manager (APM) allows unauthenticated attackers to crash the apmd process by sending specially crafted traffic to virtual servers with APM access policies configured. The vulnerability stems from a buffer overflow (CWE-120) and requires no authentication or user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:N). EPSS data not provided; no CISA KEV listing indicates no confirmed widespread exploitation at time of analysis. F5 has released vendor patches per advisory K000161056.

Buffer Overflow Big Ip
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Heap out-of-bounds read in Crypt::Argon2 for Perl (versions 0.017 through 0.030) exposes applications to process crash or heap memory leakage when argon2_verify is called with an empty encoded hash string. The defect is a size_t integer underflow: the auto-detect variant of argon2_verify subtracts 1 from encoded_len without a zero-check, wrapping to SIZE_MAX and causing memchr to scan up to SIZE_MAX bytes of adjacent heap memory. No public exploit has been identified and no CISA KEV listing exists; EPSS is 0.03% (9th percentile), consistent with the SSVC assessment of exploitation status 'none'.

Buffer Overflow Crypt
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Remote code execution in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud allows unauthenticated network attackers to execute arbitrary code via stack-based buffer overflow when pop3wallpasswd runs with grdnwww user privileges. Canon Marketing Japan has released patches for both on-premises (versions 1.4.00-2.4.26 affected) and SaaS deployments (pre-April 30, 2026 maintenance). CVSS 9.3 indicates critical severity with network vector and no authentication required, though EPSS score of 0.14% (33rd percentile) suggests limited real-world exploitation probability at time of analysis. SSVC assessment marks this as automatable with total technical impact but no confirmed exploitation.

Stack Overflow RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.

RCE Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

VMware Heap Overflow Privilege Escalation +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

VMware Privilege Escalation RCE +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at /comm/task_comm.c. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
EPSS 0% CVSS 5.6
MEDIUM This Month

Buffer overflow in NXP moal.ko Wi-Fi driver versions 5.1.7.10 with firmware v17.92.1.p149.43 through v17.92.1.p149.157 allows local privileged attackers to cause denial of service and potentially corrupt memory via the mod_para parameter in the woal_init_module_param function. The vulnerability requires high-privilege access and cannot be triggered remotely, but public exploit code exists and SSVC analysis indicates non-automatable exploitation with partial technical impact.

Buffer Overflow N A
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Out-of-bounds memory write in MongoDB Server's time-series collection feature enables arbitrary code execution by authenticated users with database write privileges. Affects all active release branches (5.0 through 8.3) when exploiting field-name-to-index mapping inconsistencies in the time-series bucket catalog. EPSS score of 0.06% (20th percentile) suggests low widespread exploitation probability despite high CVSS 8.7, but requires authentication and database privileges, limiting attack surface to insider threats or compromised application credentials. No public exploit code or CISA KEV listing identified at time of analysis.

Memory Corruption Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array (VLA) on the stack whose size is derived from an attacker-controlled HTTP header field (Content-Type: multipart/form-data; boundary=...) without enforcing any length limit. Sending a boundary string longer than ~8000 characters overflows the 8192-byte task stack of the loopTask, causing a crash and potential remote code execution. This vulnerability is fixed in 3.3.8.

Stack Overflow RCE Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Linux ksmbd contains a remote memory corruption vulnerability in the ACL inheritance path that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL with a malformed SID containing an inflated num_subauth field. Attackers can exploit this vulnerability by creating a directory, setting the malicious DACL via SMB2_SET_INFO, and creating child entries to cause kernel instability, denial of service, or potentially achieve privilege escalation to kernel code execution.

Denial Of Service Buffer Overflow RCE +5
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed.

Information Disclosure RCE Buffer Overflow +5
NVD
EPSS 0% CVSS 8.4
HIGH This Week

An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed.

Information Disclosure RCE Buffer Overflow +5
NVD
EPSS 0% CVSS 8.4
HIGH This Week

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed.

Memory Corruption Buffer Overflow RCE +5
NVD
Prev Page 20 of 402 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
36137

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy