64 matches found
CVE-2025-54262 Substance3D - Stager | Out-of-bounds Read (CWE-125)
Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...
Linux Distros Unpatched Vulnerability : CVE-2020-18232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability in function H5Sclose in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file...
CVE-2018-11230
jbig2addpage in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via a crafted file...
CVE-2024-38517 Tencent RapidJSON include/rapidjson/reader.h GenericReader::ParseNumber() Function Template Exponent Parsing Integer Underflow
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...
UBUNTU-CVE-2023-38623
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the intege...
CVE-2023-39562
GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gfbsalign function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted file...
CVE-2023-22277
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314...
PT-2023-25972 · Unknown +1 · Imagemagick +1
Name of the Vulnerable Software and Affected Versions: ImageMagick affected versions not specified Description: A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a special...
CVE-2023-31874
Yank Note YN 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire'childprocess'...
CVE-2023-31873
Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require'childprocess'...
Bottle 安全漏洞
Bottle is a simple and lightweight Python-based WSGI micro web framework from the Bottle community. A security vulnerability exists in Bottles prior to version 51.0, which stems from an error handling YAML that allows remote code execution via a crafted file...
CVE-2023-26333 ZDI-CAN-20214: Adobe Dimension USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Adobe Dimension versions 3.4.7 and earlier is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...
CVE-2022-41696
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...
PT-2023-15562 · Nomachine · Nomachine
Name of the Vulnerable Software and Affected Versions: NoMachine versions prior to 8.2.3 Description: An issue in NoMachine allows attackers to execute arbitrary commands via a crafted .nxs file. Recommendations: For versions prior to 8.2.3, update to version 8.2.3 or later to resolve the issue. ...
MGASA-2022-0337 Updated libtiff packages fix security vulnerability
libtiff's tiffcrop utility has a uint32t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop likely via tricking a user to run tiffcrop on it with certain parameters could cause a crash or in some cases, further exploitation. CVE-2022-2867...
The vulnerability of the Corel PhotoPaint software lies in the ability to write beyond the buffer boundaries, allowing attackers to execute arbitrary code.
The vulnerability of the Corel PhotoPaint photo-editing software relates to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created CPT file...
CVE-2022-27470
SDLttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTFRenderTextSolid. This vulnerability is triggered via a crafted TTF file...
CVE-2021-4173
A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution...
CVE-2021-29360
A buffer overflow vulnerability in FORMATS!ReadUtahRLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file...
Null pointer dereference
The gfodfdesccopy function in GPAC 1.0.1 allows attackers to cause a denial of service NULL pointer dereference via a crafted file in the MP4Box command...