Lucene search
+L

64 matches found

Cvelist
Cvelist
added 2025/09/16 5:23 p.m.13 views

CVE-2025-54262 Substance3D - Stager | Out-of-bounds Read (CWE-125)

Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...

7.8CVSS0.0021EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-18232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability in function H5Sclose in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file...

8.8CVSS7.4AI score0.00882EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 5:38 a.m.5 views

CVE-2018-11230

jbig2addpage in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via a crafted file...

8.8CVSS7.4AI score0.01767EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/09 6:51 p.m.27 views

CVE-2024-38517 Tencent RapidJSON include/rapidjson/reader.h GenericReader::ParseNumber() Function Template Exponent Parsing Integer Underflow

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...

7.8CVSS7.2AI score0.00375EPSS
Exploits0References3
OSV
OSV
added 2024/01/08 3:15 p.m.3 views

UBUNTU-CVE-2023-38623

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the intege...

7.8CVSS7.6AI score0.00432EPSS
Exploits1References3
OSV
OSV
added 2023/08/28 7:15 p.m.12 views

CVE-2023-39562

GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gfbsalign function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted file...

5.5CVSS6.6AI score
Exploits0References2
OSV
OSV
added 2023/08/03 3:15 p.m.3 views

CVE-2023-22277

Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314...

7.8CVSS6.2AI score0.00236EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/07/24 12:0 a.m.8 views

PT-2023-25972 · Unknown +1 · Imagemagick +1

Name of the Vulnerable Software and Affected Versions: ImageMagick affected versions not specified Description: A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a special...

8.8CVSS7AI score0.89855EPSS
Exploits37References75
NVD
NVD
added 2023/05/29 12:15 a.m.54 views

CVE-2023-31874

Yank Note YN 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire'childprocess'...

8.8CVSS8.8AI score0.04898EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2023/05/28 12:0 a.m.5 views

CVE-2023-31873

Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require'childprocess'...

7.4AI score0.01349EPSS
Exploits4References1
CNNVD
CNNVD
added 2023/05/26 12:0 a.m.6 views

Bottle 安全漏洞

Bottle is a simple and lightweight Python-based WSGI micro web framework from the Bottle community. A security vulnerability exists in Bottles prior to version 51.0, which stems from an error handling YAML that allows remote code execution via a crafted file...

7.8CVSS8.1AI score0.0047EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/03/28 12:0 a.m.6 views

CVE-2023-26333 ZDI-CAN-20214: Adobe Dimension USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe Dimension versions 3.4.7 and earlier is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...

7.8CVSS7AI score0.00353EPSS
Exploits0References1
OSV
OSV
added 2023/03/21 11:15 p.m.7 views

CVE-2022-41696

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...

5.5CVSS5.7AI score0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/03 12:0 a.m.4 views

PT-2023-15562 · Nomachine · Nomachine

Name of the Vulnerable Software and Affected Versions: NoMachine versions prior to 8.2.3 Description: An issue in NoMachine allows attackers to execute arbitrary commands via a crafted .nxs file. Recommendations: For versions prior to 8.2.3, update to version 8.2.3 or later to resolve the issue. ...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References4
OSV
OSV
added 2022/09/16 7:39 p.m.8 views

MGASA-2022-0337 Updated libtiff packages fix security vulnerability

libtiff's tiffcrop utility has a uint32t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop likely via tricking a user to run tiffcrop on it with certain parameters could cause a crash or in some cases, further exploitation. CVE-2022-2867...

5.5CVSS6.1AI score0.003EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/05/26 12:0 a.m.7 views

The vulnerability of the Corel PhotoPaint software lies in the ability to write beyond the buffer boundaries, allowing attackers to execute arbitrary code.

The vulnerability of the Corel PhotoPaint photo-editing software relates to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created CPT file...

7.8CVSS7.9AI score0.02076EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2022/05/04 2:34 a.m.53 views

CVE-2022-27470

SDLttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTFRenderTextSolid. This vulnerability is triggered via a crafted TTF file...

7.8CVSS7.4AI score0.00946EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2021/12/28 4:50 p.m.60 views

CVE-2021-4173

A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution...

7.8CVSS4.4AI score0.01621EPSS
Exploits1References3
OSV
OSV
added 2021/09/28 4:15 p.m.7 views

CVE-2021-29360

A buffer overflow vulnerability in FORMATS!ReadUtahRLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file...

7.8CVSS6.3AI score0.00969EPSS
Exploits0References1
Prion
Prion
added 2021/09/13 2:15 p.m.17 views

Null pointer dereference

The gfodfdesccopy function in GPAC 1.0.1 allows attackers to cause a denial of service NULL pointer dereference via a crafted file in the MP4Box command...

4.3CVSS5.3AI score0.00868EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder