Skip to main content

Buffer Overflow

memory HIGH

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions.

How It Works

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions. This overwrites whatever data or code exists there, corrupting program state and potentially giving attackers control over execution flow.

Stack-based overflows are the most common variant. When a function allocates a fixed-size buffer on the stack and then copies user-controlled input without proper bounds checking, attackers can overflow past the buffer to overwrite the function's return address. When the function completes, instead of returning to legitimate code, execution jumps to attacker-specified memory containing malicious shellcode. Heap-based overflows work differently—they corrupt heap metadata like chunk size fields or free list pointers, leading to arbitrary memory writes when the allocator processes the corrupted structures.

Modern exploitation bypasses defensive mechanisms through techniques like Return-Oriented Programming (ROP), which chains together existing code snippets to avoid non-executable memory protections. Attackers may also use heap spraying to reliably position shellcode at predictable addresses, defeating address randomization.

Impact

  • Remote code execution — attacker gains ability to run arbitrary commands with the privileges of the vulnerable process
  • Privilege escalation — exploiting kernel or setuid program overflows to gain root/SYSTEM access
  • Denial of service — crashes and memory corruption that render systems unusable
  • Information disclosure — reading sensitive data from adjacent memory regions that should be inaccessible
  • Authentication bypass — overwriting security-critical variables like permission flags or user IDs

Real-World Examples

Fortinet FortiOS suffered a critical buffer overflow (CVE-2025-32756) that allowed unauthenticated remote attackers to execute code as root on firewalls and VPN gateways. Attackers actively exploited this to compromise enterprise network perimeters before patches were available.

The Slammer worm from 2003 exploited a stack overflow in Microsoft SQL Server, spreading to 75,000 hosts in ten minutes by sending a single malformed UDP packet that overwrote the return address with shellcode. No authentication was required.

OpenSSH historically contained a heap overflow in challenge-response authentication that allowed pre-authentication remote root compromise on Unix systems, demonstrating how memory corruption in privileged network services creates maximum impact scenarios.

Mitigation

  • Memory-safe languages — Rust, Go, and modern managed languages prevent buffer overflows by design through automatic bounds checking
  • Stack canaries — random values placed before return addresses that detect corruption before control transfer
  • Address Space Layout Randomization (ASLR) — randomizes memory locations making exploitation less reliable
  • Data Execution Prevention (DEP/NX) — marks memory regions as non-executable, preventing direct shellcode execution
  • Bounds checking — validate input sizes before copying, use safe functions like strncpy instead of strcpy
  • Fuzzing and static analysis — automated testing to discover overflows before deployment

Recent CVEs (36142)

EPSS 0% CVSS 6.8
MEDIUM POC This Month

a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input to registration form fields. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler (SEH) overwrite by supplying malicious. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda M3 router firmware 1.0.0.10 allows authenticated remote attackers to achieve code execution via the setAdvPolicyData endpoint. The vulnerability resides in the Destination Handler component's policyType parameter processing. Publicly available exploit code exists (GitHub POC), elevating immediate risk despite low-privilege authentication requirement. CVSS 7.4 reflects network-accessible attack with low complexity; no CISA KEV listing indicates exploitation remains proof-of-concept stage rather than widespread campaign targeting.

Tenda Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in UTT HiPER 1250GW router firmware (versions ≤3.2.7-210907-180535) allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the strcpy function within /goform/formNatStaticMap endpoint, where manipulation of the NatBind parameter triggers memory corruption. Publicly available exploit code exists (GitHub POC published), significantly lowering exploitation barriers for threat actors with valid credentials. CVSS 8.8 severity reflects network-based attack vector with low complexity, though low-privilege authentication is required, reducing immediate internet-scale exploitation risk.

Buffer Overflow Hiper 1250Gw
NVD VulDB GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Stack-based buffer overflow in Tenda AC10 router firmware version 16.03.10.10_multi_TDE01 allows authenticated remote attackers to achieve complete system compromise through the fromSysToolChangePwd function in /bin/httpd. The vulnerability requires only low-privilege authentication (CVSS PR:L) and has low attack complexity, enabling potential remote code execution with full confidentiality, integrity, and availability impact. No public exploit code identified at time of analysis, though detailed technical findings have been published on GitHub documenting multiple vulnerable endpoints.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Stack-based buffer overflow in Tenda AC10 router firmware 16.03.10.10_multi_TDE01 allows authenticated remote attackers to achieve code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromSysToolChangePwd function within /bin/httpd, triggered by manipulating the sys.userpass parameter. Publicly available exploit code exists (GitHub repository documented), though no confirmed active exploitation (not in CISA KEV). CVSS 8.8 reflects network-accessible attack requiring only low-privilege authentication with low complexity, making this a realistic threat for internet-exposed routers with default or compromised credentials.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in UTT HiPER 1250GW router (versions up to 3.2.7-210907-180535) allows authenticated remote attackers to achieve arbitrary code execution with high integrity and availability impact via malformed Profile parameter in /goform/formRemoteControl endpoint. Publicly available exploit code exists. CVSS 8.8 reflects network accessibility with low attack complexity, though authentication requirement (PR:L) moderately reduces immediate exploit surface. No CISA KEV listing indicates exploitation remains proof-of-concept stage rather than widespread campaign activity.

Buffer Overflow Stack Overflow Hiper 1250Gw
NVD VulDB GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Integer underflow in Nimiq core-rs-albatross <1.3.0 enables unauthenticated remote attackers to trigger deterministic denial-of-service via crafted peer handshake. Attackers send limit=0 during discovery handshake, causing arithmetic underflow (0-1 wraps to usize::MAX) when session transitions to Established state, resulting in capacity overflow panic when allocating peer contact vector. Upstream fix available (PR/commit); released patched version 1.3.0 confirmed. No public exploit identified at time of analysis, but EPSS indicates low exploitation probability and attack is trivially reproducible given simple network message crafting.

Buffer Overflow Integer Overflow Core Rs Albatross
NVD GitHub
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Use-after-free in Electron's offscreen rendering with GPU shared textures allows local attackers with high privileges to cause memory corruption or application crashes by invoking the texture release callback after its backing native state has been freed. The vulnerability affects Electron versions before 42.0.0-alpha.5, 41.1.0, 40.8.5, and 39.8.5, and only impacts applications explicitly enabling shared-texture offscreen rendering via webPreferences.offscreen.useSharedTexture: true.

Use After Free Memory Corruption Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Heap-based buffer overflow in OpenPrinting CUPS scheduler versions 2.4.16 and prior allows unauthenticated remote attackers to trigger a denial of service condition by crafting malicious job attributes that overflow buffers during filter option string construction. With a CVSS score of 5.3 and network accessibility, this vulnerability impacts availability on exposed CUPS instances; no public exploit code or vendor patch has been released as of publication.

Heap Overflow Buffer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds write vulnerability in Amazon Athena ODBC driver (pre-2.1.0.0) allows remote attackers to crash the driver through specially crafted query data, requiring user interaction to process malicious queries. Affected versions include all Amazon Athena ODBC driver releases before 2.1.0.0 across Windows, Linux, and macOS platforms. CVSS 7.1 (High) reflects network-based attack with low complexity but requires user interaction (UI:P) and impacts only availability (VA:H). No public exploit identified at time of analysis. Vendor-released patch version 2.1.0.0 is available for all supported platforms with direct download links provided in AWS security bulletin 2026-013.

Buffer Overflow Memory Corruption Amazon Athena Odbc Driver
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Integer overflow in NASA cFS CFE_TBL_ValidateCodecLoadSize function (cfe_tbl_passthru_codec.c) on 32-bit systems allows authenticated local attackers with low privileges to cause limited integrity and availability impact, though exploitation requires high attack complexity and no public exploit code has been identified; a fix is planned for an upcoming release milestone.

Integer Overflow Buffer Overflow Cfs
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Heap-based buffer overflow in NASA cFS up to version 7.0.0 exists in the CFE_MSG_GetSize function within the CCSDS Packet Header Handler component (apps/to_lab/fsw/src/to_lab_passthru_encode.c), allowing attackers on the local network to cause memory corruption with limited confidentiality, integrity, and availability impact. The vulnerability requires network adjacency but no authentication or user interaction; no public exploit code has been identified, and the project has not yet released a patch despite early notification through GitHub issue tracking.

Buffer Overflow Core Flight System
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

Memory corruption in NASA cFS up to version 7.0.0 via manipulation of the CFE_SB_TransmitMsg function in the CCSDS Header Size Handler component allows local attackers with low privileges to corrupt memory, potentially leading to denial of service or information disclosure. No public exploit code or active exploitation has been confirmed; the vendor was notified early but has not yet released a patch as of analysis time.

Buffer Overflow Cfs
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Heap overflow in Linux kernel NFSv4.0 LOCK replay cache allows unauthenticated remote attackers to corrupt kernel memory by triggering a denial-of-service or potential code execution. The vulnerability exists in nfsd4_encode_operation() which copies encoded LOCK responses up to 1024 bytes into a fixed 112-byte inline buffer without bounds checking, resulting in up to 944 bytes of slab-out-of-bounds writes. Exploitation requires two cooperating NFSv4.0 clients but no special privileges; upstream fixes are available across multiple stable kernel branches.

Linux Buffer Overflow Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow in Linux kernel HID-BPF subsystem allows arbitrary return values from dispatch_hid_bpf_raw_requests() to overflow the hid_hw_request buffer without validation. The vulnerability affects all Linux kernel versions with HID-BPF support; attackers with the ability to load or influence BPF programs targeting HID devices can trigger memory corruption. No CVSS score, EPSS data, or confirmed active exploitation has been assigned at time of analysis.

Linux Buffer Overflow Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds read and write in the Broadcom bnxt_en network driver of the Linux kernel allows a malicious or compromised NIC to corrupt kernel heap memory or crash the system. The flaw resides in the DBG_BUF_PRODUCER async event handler, which uses a firmware-supplied 16-bit 'type' field as an unchecked index into the bp->bs_trace[] array. No public exploit identified at time of analysis and EPSS rates exploitation probability at just 0.02%, but the impact on confidentiality and availability is high where the trust boundary between NIC firmware and kernel is relevant.

Linux Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Out-of-bounds read in Linux kernel Bluetooth L2CAP layer allows remote attackers to read adjacent kernel memory via truncated L2CAP_INFO_RSP packets with insufficient payload length. The l2cap_information_rsp() function validates only the fixed 4-byte header but then unconditionally accesses variable-length payload fields (feat_mask at offset +4 and fixed_chan at offset +1) without verifying the payload is present, triggering kernel memory disclosure on specially crafted Bluetooth frames.

Linux Buffer Overflow Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Buffer overflow in Linux kernel's RedBoot partition table parser allows kernel panic during boot when CONFIG_FORTIFY_SOURCE is enabled with recent compilers. The MTD (Memory Technology Devices) subsystem reads beyond allocated buffer boundaries in partition name validation, triggering fortify-source detection and kernel crash (oops). This affects systems using RedBoot bootloader partitioning on embedded devices; exploitation is involuntary (denial of service via boot failure) rather than attacker-driven, with no public exploit code identified.

Linux Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Out-of-bounds read in Linux kernel netfilter H.323/RAS packet decoding allows local or remote attackers to read 1-4 bytes beyond allocated buffer boundaries via malformed packets. The vulnerability exists in decode_int() within nf_conntrack_h323, where insufficient boundary validation before reading variable-length integer fields permits information disclosure or potential denial of service. No CVSS score or KEV status published; patch available across multiple stable kernel branches via upstream commits.

Linux Buffer Overflow Information Disclosure
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Out-of-bounds read in Linux kernel netfilter nf_conntrack_h323 DecodeQ931() function allows remote attackers to trigger a kernel memory disclosure or denial of service by sending a specially crafted H.323 packet with zero-length UserUserIE field, causing integer underflow when a 16-bit length value is decremented without validation. No public exploit code identified at time of analysis, and CVSS severity not quantified in available data.

Linux Buffer Overflow Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's cdc_ncm USB networking driver allows a local attacker with a malicious or compromised USB CDC NCM device to read kernel memory beyond the skb buffer. The flaw lives in cdc_ncm_rx_verify_ndp16(), where the NDP16 nframes bounds check omits the ndpoffset value, letting DPE array iteration in cdc_ncm_rx_fixup() walk past the legitimate buffer when wNdpIndex points near the end of the NTB. No public exploit identified at time of analysis and EPSS exploitation probability is 0.02% (5th percentile), but a patch is available from upstream Linux maintainers.

Linux Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow in Linux kernel cdc_ncm driver allows out-of-bounds memory reads when processing malformed USB CDC NCM (Network Control Model) packets with NDP32 (Normal Data Packet) headers positioned near the end of the network transfer buffer. The vulnerability exists in cdc_ncm_rx_verify_ndp32() where bounds checking fails to account for the ndpoffset value when validating the DPE (Data Packet Element) array size, potentially enabling local denial-of-service or information disclosure on systems with affected USB CDC NCM network devices. No active exploitation or public proof-of-concept identified at time of analysis.

Linux Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Interrupt storm in Linux kernel dpaa2-switch driver occurs when a bounds check rejects an out-of-bounds if_id in the IRQ handler but fails to clear the interrupt status, causing repeated spurious interrupts. This denial-of-service condition affects the NXP DPAA2 Ethernet switch driver on systems running vulnerable Linux kernel versions. An attacker with the ability to trigger malformed frames or hardware state transitions could exhaust CPU resources through interrupt flooding.

Linux Google Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds heap read in Electron's single-instance lock mechanism on macOS and Linux allows local attackers with same-user privileges to leak sensitive application memory through crafted second-instance messages. Affected Electron versions prior to 41.0.0, 40.8.1, 39.8.1, and 38.8.6 are vulnerable only if applications explicitly call app.requestSingleInstanceLock(); no public exploit code is currently identified, but the CVSS 5.3 score reflects moderate confidentiality impact combined with local attack complexity requirements.

Information Disclosure Buffer Overflow Microsoft +1
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use-after-free memory corruption in Electron framework (versions <39.8.1, <40.7.0, <41.0.0) allows unauthenticated remote attackers to potentially execute arbitrary code when offscreen rendering is enabled and child windows are permitted. The vulnerability triggers when a parent offscreen WebContents is destroyed while child windows remain active, causing subsequent paint operations to dereference freed memory. EPSS data not available; no public exploit identified at time of analysis. Fixed versions released by vendor.

Use After Free Memory Corruption Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Use-after-free in Electron framework allows memory corruption when native save-file dialogs remain open during session teardown. Affected Electron versions prior to 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.7 enable local attackers with UI interaction to trigger freed memory dereference via downloaded files, potentially causing application crashes or memory corruption. Only applications that programmatically destroy sessions at runtime and permit downloads are vulnerable; no public exploit code or active exploitation has been identified.

Use After Free Memory Corruption Buffer Overflow
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free in Electron framework allows memory corruption when handling fullscreen, pointer-lock, or keyboard-lock permission requests in apps with asynchronous `session.setPermissionRequestHandler()` callbacks. Affects npm package electron versions prior to 41.0.0-beta.8, 40.7.0, 39.8.0, and 38.8.6. Remote attackers can trigger memory corruption or crashes if the requesting frame navigates or window closes while the permission handler is pending. EPSS data not available; no public exploit identified at time of analysis. Vendor-released patches available across all affected major version branches.

Use After Free Memory Corruption Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Use-after-free in Electron's powerMonitor module allows local attackers to trigger memory corruption or application crashes through system power events. All Electron applications (versions <38.8.6, <39.8.1, <40.8.0, <41.0.0-beta.8) that subscribe to powerMonitor events (suspend, resume, lock-screen) are vulnerable when garbage collection frees the PowerMonitor object while OS-level event handlers retain dangling pointers. Exploitation requires local access and specific timing conditions (CVSS 7.0 HIGH, AC:H). No public exploit identified at time of analysis, though the technical details are publicly documented in the GitHub security advisory.

Use After Free Memory Corruption Microsoft +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds read in Apple swift-crypto X-Wing HPKE decapsulation allows remote attackers to trigger memory disclosure or denial of service by supplying a malformed encapsulated key. The vulnerability affects swift-crypto versions prior to 4.3.1 and any macOS or downstream applications using vulnerable versions of the cryptographic library.

Information Disclosure Buffer Overflow
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Hirschmann Industrial IT products contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Hirschmann Hilcos Bat R +6
NVD VulDB
EPSS 0% CVSS 1.7
LOW PATCH Monitor

Buffer overflow in XZ Utils lzma_index_decoder() allows memory corruption when processing Index records with no data entries prior to version 5.8.3. Unauthenticated remote attackers can trigger a heap overflow via crafted compressed data, potentially causing denial of service or memory corruption. The vulnerability has a low CVSS score (1.7) due to attack time requirement and limited impact scope, with no confirmed active exploitation at time of analysis.

Buffer Overflow Heap Overflow Xz
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Out-of-bounds memory access in Apple media processing affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS, allowing remote attackers to trigger unexpected application termination or memory corruption through maliciously crafted media files. The vulnerability requires user interaction (opening/playing the malicious file) but no authentication. Apple has released patched versions for all affected platforms with CVSS 6.3 (moderate severity) and no public exploitation identified at time of analysis.

Apple Memory Corruption Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption in macOS Sequoia's image processing subsystem allows unauthenticated remote attackers to potentially execute arbitrary code when a user opens a specially crafted image file. Apple has patched this buffer overflow vulnerability in macOS 15.6. With a CVSS score of 8.8 and requiring only user interaction, this represents a significant attack surface for social engineering campaigns. EPSS data not available, but no public exploit or active exploitation confirmed at time of analysis. The SSVC framework rates this as total technical impact, reinforcing the criticality of applying the vendor patch.

Apple Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption vulnerability in Apple iOS, iPadOS, and macOS allows local attackers to achieve denial of service or potentially arbitrary code execution through malicious file processing. The vulnerability affects iOS and iPadOS versions below 18.6 and macOS Sequoia below 15.6, and has been patched in iOS 18.6, iPadOS 18.6, and macOS Sequoia 15.6. No public exploit identified at time of analysis, and CVSS severity is not numerically specified by Apple, though the buffer overflow classification and file processing attack vector indicate moderate to high real-world risk for users who encounter malicious content.

Apple Buffer Overflow Memory Corruption
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Integer overflow in macOS kernel allows local applications to trigger unexpected system termination (denial of service) on Sequoia, Sonoma, and Ventura systems. The vulnerability requires local execution (AV:L) with no authentication or user interaction, enabling any installed application to crash the system. Apple has released patches addressing this issue in macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7. No public exploit code or active exploitation has been reported at the time of analysis.

Apple Integer Overflow Buffer Overflow
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption in macOS Sequoia image processing allows remote attackers to achieve arbitrary code execution via maliciously crafted images requiring user interaction. Affects macOS Sequoia versions prior to 15.6, with CVSS 8.8 (High) severity due to potential for complete system compromise. EPSS data unavailable; no public exploit identified at time of analysis. Apple addressed the vulnerability through improved memory handling in macOS 15.6 (released June 2025). Attack requires victim to process a weaponized image file, making social engineering or malicious websites likely delivery vectors.

Apple Memory Corruption Buffer Overflow
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Out-of-bounds read in NanoMQ MQTT Broker webhook processing allows remote attackers with high privileges to trigger denial of service by sending malformed JSON payloads. Prior to version 0.24.10, the hook_work_cb() function in webhook_inproc.c passes unsanitized binary message buffers directly to cJSON_Parse(), which reads past buffer boundaries when payloads lack null terminators. The vulnerability is reliably exploitable when JSON payload length is a power-of-two >=1024 bytes, bypassing nng's allocation padding protection. No public exploit code or active exploitation has been identified.

Buffer Overflow Information Disclosure Nanomq
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial-of-service vulnerability in TP-Link Tapo C520WS v2.6 camera allows adjacent network attackers to trigger buffer overflow through crafted HTTP requests with excessively long paths that bypass initial length validation during path normalization, resulting in memory corruption and device reboot without requiring authentication. Vendor has released a patch; no public exploit code identified at time of analysis.

TP-Link Buffer Overflow
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Stack-based buffer overflow in TP-Link Tapo C520WS v2.6 allows remote attackers to trigger denial-of-service by sending oversized configuration parameters to a vulnerable configuration handling component. Successful exploitation causes device crash or reboot, impacting camera availability. Vendor has released a patch.

TP-Link Buffer Overflow Stack Overflow
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap-based buffer overflow in TP-Link Tapo C520WS v2.6 allows local network attackers to cause denial of service by sending crafted payloads during asynchronous video stream processing, triggering memory corruption and process crashes. The vulnerability stems from insufficient buffer boundary validation in streaming input handling. A vendor patch is available.

TP-Link Heap Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap-based buffer overflow in TP-Link Tapo C520WS v2.6 allows unauthenticated network attackers to trigger denial-of-service by sending crafted HTTP payloads that bypass boundary validation during segmented request body parsing. The vulnerability exploits insufficient write-boundary verification in the HTTP parsing loop, causing heap memory corruption that crashes or hangs the device process. Patch is available from the vendor.

TP-Link Heap Overflow Buffer Overflow
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap-based buffer overflow in TP-Link Tapo C520WS v2.6 allows remote attackers on the same network segment to trigger denial-of-service by sending crafted HTTP POST payloads that exceed allocated buffer boundaries. The vulnerability stems from missing validation in HTTP body parsing logic, causing process crashes or unresponsiveness. No CVSS score or vector data is available, limiting precise severity quantification, but the practical attack vector is network-adjacent and does not require authentication.

TP-Link Heap Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Mbed TLS versions 2.19.0 through 3.6.5 and 4.0.0 allow remote code execution through memory corruption when attackers modify serialized SSL context or session structures. The vulnerability stems from insufficient validation of deserialized data, enabling arbitrary code execution on systems using affected versions. CISA KEV status and active exploitation data not confirmed in provided intelligence.

RCE Privilege Escalation Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in Trendnet TEW-657BRM 1.00.1 wireless router allows authenticated remote attackers to achieve code execution via the update_pcdb function in /setup.cgi by manipulating the mac_pc_dba parameter. This vulnerability affects a product discontinued since June 2011 (14+ years end-of-life) with no vendor support or patches available. Publicly available exploit code exists, elevating immediate risk for organizations still operating legacy deployments. CVSS 7.4 with low attack complexity and proof-of-concept availability make this a practical exploitation target despite requiring low-privilege authentication.

Buffer Overflow Stack Overflow Tew 657Brm
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in Trendnet TEW-657BRM router firmware 1.00.1 allows authenticated remote attackers to achieve arbitrary code execution via the mac_pc_dba parameter in /setup.cgi's add_apcdb function. The product was discontinued in 2011 and receives no vendor support. A public exploit exists on GitHub, significantly lowering the barrier for exploitation against unpatched devices still deployed in production environments.

Buffer Overflow Stack Overflow Tew 657Brm
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Out-of-bounds read in LibRaw up to 0.22.0 allows remote unauthenticated attackers to cause denial of service via manipulation of load_flags or raw_width parameters in the TIFF/NEF decoder (nikon_load_padded_packed_raw function). Publicly available exploit code exists, and vendor-released patch version 0.22.1 is available. CVSS 5.3 with low availability impact and confirmed exploit publication indicates moderate real-world risk.

Buffer Overflow Information Disclosure Libraw
NVD VulDB GitHub
EPSS 0% CVSS 2.9
LOW POC PATCH Monitor

Stack-based buffer overflow in Cesanta Mongoose mDNS Record Handler (versions up to 7.20) allows remote attackers to trigger memory corruption via malformed mDNS record data in the handle_mdns_record function. The vulnerability requires high attack complexity and network-level access but results in limited confidentiality, integrity, and availability impact. Publicly available exploit code exists; vendor released patched version 7.21 with immediate availability.

Buffer Overflow Stack Overflow Mongoose
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Heap-based buffer overflow in Cesanta Mongoose versions up to 7.20 allows unauthenticated remote attackers to compromise confidentiality, integrity, and availability through malicious TLS 1.3 handshake manipulation. The vulnerability resides in mg_tls_recv_cert() function's improper handling of the pubkey argument during certificate processing. Publicly available exploit code exists (CVSS temporal E:P), and vendor-released patch is available in version 7.21. CVSS base score 7.3 reflects network-accessible, low-complexity attack requiring no privileges or user interaction.

Buffer Overflow Heap Overflow Mongoose
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Out-of-bounds write in LibRaw's JPEG DHT parser (HuffTable::initval function) allows unauthenticated remote attackers to trigger a denial of service via malformed JPEG image files. LibRaw versions up to 0.22.0 are affected; publicly available exploit code exists. CVSS 4.3 (low severity) reflects denial-of-service impact only, with low attack complexity and no authentication required. Vendor-released patch available in version 0.22.1.

Buffer Overflow Memory Corruption Libraw
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Out-of-bounds write in Nothings stb library up to version 1.22 allows remote attackers to corrupt memory and potentially execute code by crafting malicious Vorbis audio files that trigger improper bounds checking in the start_decoder function. Publicly available exploit code exists for this vulnerability, which affects all applications statically linking vulnerable stb_vorbis.c code. The vendor has not responded to disclosure attempts, leaving deployed instances without an official patch.

Buffer Overflow Memory Corruption Stb
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Out-of-bounds read in Nothings stb library (stb_truetype.h) up to version 1.26 allows remote attackers to trigger memory access violations via malformed TTF font files, resulting in information disclosure. The vulnerability affects the stbtt__buf_get8 function in the TTF file handler and requires user interaction to exploit. Publicly available exploit code exists, though the vendor has not responded to disclosure notifications. CVSS 5.3 with EPSS probability of exploitation (E:P) indicates moderate real-world risk.

Buffer Overflow Stb Truetype H
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds read in Mbed TLS 3.x before 3.6.6 allows attackers to leak adjacent CCM context data through the multipart CCM API by passing an oversized tag_len parameter to mbedtls_ccm_finish(), which lacks validation against the internal 16-byte authentication buffer. Mbed TLS 4.x contains the same vulnerability in internal code but does not expose the vulnerable function publicly; exploitation requires direct application-level invocation of the affected API. No public exploit code or active exploitation has been reported, but the attack requires no special privileges.

Buffer Overflow Information Disclosure
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Out-of-bounds read in Fuji Electric V-SFT 6.2.10.0 and earlier allows local attackers to disclose sensitive information and potentially achieve code execution when processing maliciously crafted V7 files. The vulnerability resides in the VS6ComFile!get_macro_mem_COM function and requires user interaction to open a weaponized file. No public exploit identified at time of analysis, though the local attack vector and file format parsing nature make this a realistic social engineering target for industrial control system environments.

Information Disclosure Buffer Overflow V Sft
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Stack-based buffer overflow in Fuji Electric/Hakko Electronics V-SFT versions through 6.2.10.0 enables arbitrary code execution when processing malicious V7 project files. Local attackers can exploit this via social engineering to deliver weaponized files requiring user interaction to open. CVSS 8.4 reflects high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, with EPSS data unavailable for this newly-assigned CVE. Japanese vulnerability coordination (JPCERT/JVN) indicates regional industrial control system exposure.

Buffer Overflow RCE Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Out-of-bounds read in Fuji Electric V-SFT 6.2.10.0 and earlier allows local attackers to extract sensitive memory contents and potentially achieve code execution by opening a malicious V7 project file. The vulnerability requires user interaction (opening a crafted file) but no authentication, with an EPSS probability requiring assessment. No public exploit identified at time of analysis, though JPCERT coordination suggests industrial targeting potential.

Information Disclosure Buffer Overflow V Sft
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Out-of-bounds read in Fuji Electric V-SFT industrial HMI software (versions ≤6.2.10.0) enables local attackers to disclose sensitive information and potentially achieve code execution when victims open maliciously crafted V7 project files. The vulnerability resides in the VS6ComFile!load_link_inf function during V7 file parsing. CVSS 8.4 reflects high confidentiality and integrity impact with low attack complexity requiring user interaction. No public exploit identified at time of analysis, though JPCERT coordination suggests targeted industrial sector awareness.

Information Disclosure Buffer Overflow V Sft
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Stack-based buffer overflow in Fuji Electric/HAKKO Electronics V-SFT automation software (versions ≤6.2.10.0) allows arbitrary code execution when opening a maliciously crafted V7 project file. An attacker must convince a user to open a weaponized file, requiring no authentication but user interaction. EPSS data not available; no public exploit identified at time of analysis, though the specific function (CV7BaseMap::WriteV7DataToRom) and vulnerability class (stack overflow) provide sufficient technical detail for skilled attackers to develop exploits.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Out-of-bounds read in Nothings stb library up to version 1.26 allows remote attackers to trigger information disclosure via a crafted TTF file processed by the stbtt_InitFont_internal function in stb_truetype.h. Exploitation requires user interaction (opening a malicious font file) and publicly available exploit code exists; however, the vendor has not responded to early disclosure notification.

Information Disclosure Buffer Overflow Stb
NVD VulDB GitHub
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Out-of-bounds heap write in OpenEXR 3.4.0-3.4.7 allows local attackers to crash applications or corrupt memory when processing malicious B44/B44A compressed EXR files. Attack requires user interaction to open a crafted image file. Patched in version 3.4.8. CVSS 8.4 (High) reflects local attack vector with no privileges required but mandatory user action. No confirmed active exploitation or public POC identified at time of analysis, though proof-of-concept development is feasible given the detailed GitHub advisory and commit.

Buffer Overflow Integer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Heap buffer overflow in OpenEXR 3.4.0 through 3.4.6 allows remote code execution when processing maliciously crafted EXR image files with HTJ2K compression and specific channel width configurations. The vulnerability enables controlled heap overwrites of 2-4 bytes per iteration beyond allocated buffer boundaries, exploitable through user interaction with weaponized .exr files. Attack vector is local (AV:L) requiring user action (UI:A) but no privileges (PR:N), with CVSS 8.4 severity. Vendor-released patch available in version 3.4.7. No public exploit identified at time of analysis, though the precise technical details in the security advisory lower exploitation complexity for capable adversaries.

Buffer Overflow RCE Heap Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in llama.cpp RPC backend allows unauthenticated attackers with TCP access to achieve arbitrary memory read/write and full ASLR bypass. The vulnerability stems from missing bounds validation in deserialize_tensor() when processing GRAPH_COMPUTE messages with zero-valued buffer fields. Attackers can leverage pointer leaks from ALLOC_BUFFER/BUFFER_GET_BASE operations to reliably exploit this flaw. Fixed in version b8492 (commit 39bf0d3c). CVSS 9.8 (Critical) with network attack vector, low complexity, and no authentication required. No public exploit identified at time of analysis, though the detailed advisory provides sufficient technical context for weaponization.

RCE Buffer Overflow Llama Cpp
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Cisco IMC web-based management interface allows authenticated administrators to execute arbitrary code as root through improper input validation in HTTP requests. The vulnerability affects Cisco Unified Computing System (standalone) and requires admin-level credentials and network access; successful exploitation grants attacker root-level code execution on the underlying operating system. No public exploit code or active exploitation has been identified at time of analysis.

Cisco RCE Memory Corruption +1
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Out-of-bounds read in Corosync allows unauthenticated remote attackers to crash cluster nodes and potentially leak memory via malformed UDP packets. Affects default totemudp/totemudpu configurations across Red Hat Enterprise Linux 7/8/9/10 and OpenShift Container Platform 4. CVSS 8.2 (High) with network attack vector, low complexity, and no authentication required. EPSS and exploitation status data not available; no public exploit identified at time of analysis. Impacts high-availability clustering infrastructure commonly used in enterprise production environments.

Denial Of Service Buffer Overflow Red Hat Enterprise Linux 10 +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds read and write in Linux kernel AppArmor DFA verification allows local authenticated users to cause memory corruption and potential privilege escalation. Affects Linux kernel 4.17+ through 6.12.x, actively patched in stable branches 6.6.130, 6.12.77, 6.18.18, and 6.19.8. The vulnerability occurs during AppArmor policy loading when malformed DFA structures bypass bounds checking in verify_dfa(). EPSS score of 0.02% suggests low exploitation probability in the wild; no public exploit code or CISA KEV listing identified. Ubuntu rates this medium priority with patches released via USN-8152-1.

Linux Buffer Overflow Debian +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds memory read in Linux kernel AppArmor DFA matching affects kernel versions since 4.17 due to macro side-effect bug. The match_char() macro evaluates its character parameter multiple times when called with *str++, causing the pointer to advance past buffer boundaries during differential encoding chain traversal. Ubuntu has released patches (USN-8152-1) with fixes available in kernels 6.6.130, 6.12.77, 6.18.18, 6.19.8, and 7.0-rc4. EPSS score of 0.02% (5th percentile) indicates very low exploitation probability, and no public exploit or CISA KEV listing exists. CVSS 7.8 reflects local high-privilege impact, but real-world risk is limited to authenticated local users who can trigger AppArmor path permission checks.

Linux Buffer Overflow Debian +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds read in WebCodecs component of Google Chrome prior to version 146.0.7680.178 allows remote attackers to read arbitrary memory contents via specially crafted HTML pages. The vulnerability affects all Chrome versions below the patched release and requires only HTML delivery (no authentication); exploitation could disclose sensitive data from the browser process memory, though the Chromium project assessed this as Medium severity.

Google Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution via heap buffer overflow in Google Chrome's GPU component affects all versions prior to 146.0.7680.178, allowing attackers to execute arbitrary code by crafting malicious HTML pages. The vulnerability requires only a remote attacker with no special privileges or user authentication; users need only visit a compromised or attacker-controlled website. No CVSS score was assigned by NVD, though Chromium classified it as High severity. Patch availability confirmed from vendor.

Google Heap Overflow RCE +2
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Out-of-bounds read in WebCodecs functionality in Google Chrome prior to version 146.0.7680.178 allows remote attackers to read arbitrary memory contents via a crafted HTML page. The vulnerability affects all Chrome versions before the patched release and requires only user interaction (visiting a malicious webpage) to trigger. No public exploit code or active exploitation has been confirmed at time of analysis.

Google Information Disclosure Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to version 146.0.7680.178 exploits object corruption in the V8 JavaScript engine, allowing attackers to execute arbitrary code within the Chrome sandbox via a specially crafted HTML page. The vulnerability affects all Chrome versions below the patched release and carries a High Chromium security severity rating.

Google RCE Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Integer overflow in ANGLE (Google's OpenGL abstraction layer) in Chrome on Windows before version 146.0.7680.178 enables out-of-bounds memory writes if the renderer process is compromised, allowing an attacker to execute arbitrary code with renderer privileges. The vulnerability requires prior renderer process compromise, limiting the immediate attack surface but representing a critical post-compromise escalation vector. Chromium severity is rated High; patch availability confirms vendor remediation.

Google Buffer Overflow Microsoft +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in ANGLE (Almost Native Graphics Layer Engine) within Google Chrome on macOS prior to version 146.0.7680.178 allows unauthenticated remote attackers to execute arbitrary code by crafting a malicious HTML page that triggers a heap buffer overflow. This vulnerability affects all Chrome versions below the patched release and poses an immediate risk to macOS users who visit compromised or malicious websites.

Google Heap Overflow RCE +5
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Buffer over-read vulnerability in RTI Connext Professional Core Libraries allows unauthenticated remote attackers to read beyond allocated buffer boundaries, potentially leaking sensitive data. Affected versions span multiple major release lines: 7.4.0-7.6.x, 7.0.0-7.3.0.x, 6.1.0-6.1.x, 6.0.0-6.0.x, 5.3.0-5.3.x, and 4.3x-5.2.x. The CVSS 6.3 score reflects low confidentiality impact with network-based attack surface; no public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Buffer Overflow Connext Professional
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Buffer overflow in Mbed TLS public key export functionality for Finite Field Diffie-Hellman (FFDH) keys affects versions through 3.6.5 and TF-PSA-Crypto 1.0.0. An attacker can trigger a memory corruption condition during FFDH public key export operations, potentially enabling code execution or denial of service depending on memory layout and application context. No public exploit code or active exploitation has been confirmed at time of analysis.

Buffer Overflow
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Buffer overflow in TOTOlink A3600R v5.9c.4959 setAppEasyWizardConfig interface allows remote code execution or denial of service via unvalidated rootSsid parameter in /lib/cste_modules/app.so. The vulnerability affects a Wi-Fi router's configuration endpoint and enables unauthenticated attackers to trigger memory corruption with potential for arbitrary code execution. No CVSS vector or patch status was available at time of analysis.

Buffer Overflow RCE Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in Mbed TLS versions 3.5.0 through 3.6.5 allows remote attackers to cause a denial of service or potentially execute arbitrary code via crafted input to the x509_inet_pton_ipv6() function used in X.509 certificate parsing. The vulnerability is fixed in Mbed TLS 3.6.6 and 4.1.0. No public exploit code or confirmed active exploitation has been identified at the time of analysis.

Buffer Overflow Stack Overflow
NVD VulDB
EPSS 0% CVSS 1.9
LOW Monitor

Heap-based buffer overflow in Axiomatic Bento4 up to version 1.6.0-641 allows local authenticated attackers to cause a denial of service or potentially corrupt memory via the AP4_BitReader::SkipBits function in the DSI v1 Parser component when processing a maliciously crafted n_presentations argument. Public exploit code is available; vendor has not responded to early disclosure.

Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 6.2
MEDIUM This Month

Heap buffer overflow in iccDEV's icAnsiToUtf8() function allows local attackers to cause denial of service via a crafted ICC color profile processed by the iccToXml tool. The vulnerability exists in versions prior to 2.3.1.6 and stems from unsafe string handling that treats non-null-terminated buffers as C-strings, triggering out-of-bounds memory reads. CVSS 6.2 with local attack vector and no authentication required; vendor-released patch available in version 2.3.1.6.

Buffer Overflow Information Disclosure Iccdev
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

Stack buffer overflow in iccDEV library versions prior to 2.3.1.6 allows local attackers to cause denial of service by crafting malicious ICC color management profile files that trigger a 4-byte write overflow in CIccTagFixedNum<>::GetValues(). The vulnerability requires local access and no user interaction, with CVSS 6.2 reflecting the high availability impact. No public exploit code or active exploitation has been identified; vendor-released patch version 2.3.1.6 is available.

Buffer Overflow Stack Overflow Iccdev
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

Heap buffer overflow in iccDEV's CIccApplyCmmSearch::costFunc() function allows local attackers to trigger an out-of-bounds memory read via malformed JSON configuration input to the iccApplySearch tool, resulting in denial of service. The vulnerability affects iccDEV versions prior to 2.3.1.6 and has been patched; no public exploit identified at time of analysis, though the issue is straightforward to trigger with crafted input.

Buffer Overflow Information Disclosure Iccdev
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

Stack buffer overflow in iccDEV library versions prior to 2.3.1.6 allows local attackers to trigger a denial of service by crafting a malicious ICC color profile that overflows a 4-byte stack buffer in the CIccCalculatorFunc::Apply() function during profile processing. The vulnerability requires local access and no user interaction, with CVSS 6.2 reflecting high availability impact but no direct code execution path; vendor-released patch is available in version 2.3.1.6.

Stack Overflow Buffer Overflow Iccdev
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

Heap buffer overflow in iccDEV prior to version 2.3.1.6 allows denial of service via a crafted ICC color profile that triggers out-of-bounds heap read in icMemDump() when iccDumpProfile processes malformed tag contents. The vulnerability affects local attackers without authentication or user interaction, though the practical attack surface depends on how iccDumpProfile is invoked in consuming applications. No public exploit code or active exploitation has been identified; the issue was discovered through code analysis and AddressSanitizer instrumentation.

Heap Overflow Buffer Overflow Iccdev
NVD GitHub
Prev Page 32 of 402 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
36142

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy