9 matches found
CVE-2025-6377 Arena® Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability
A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threa...
CVE-2024-23153
CVE-2024-23153 affects Autodesk AutoCAD; the vulnerability arises when parsing a malicious MODEL file in libodx.dll, causing an Out-of-Bounds Read that can crash the process, read data, or allow arbitrary code execution. Connected sources confirm the issue relates to libodx.dll parsing of MODEL f...
CVE-2024-20290
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer...
Out Of Bounds Read
stbvorbis is vulnerable to Out of bounds Read. The vulnerability is due to the processing of ogg vorbis files using the DECODE macro. This can be exploited by the attacker by crafting a file that triggers an out of bounds read when the var is negative thus resulting in leakage of internal memory...
CVE-2021-38099
CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue...
CVE-2020-5683
Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote...
CVE-2020-3481
A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could...
CVE-2019-8383
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function advpngunfilter8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other...
Design/Logic Flaw
An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer tha...