PT-2026-21564

Name of the Vulnerable Software and Affected Versions free5GC go-upf versions prior to 1.2.8 Description The go-upf component of free5GC, a User Plane Function UPF implementation for 5G networks, contains a Heap-based Buffer Overflow. A specially crafted PFCP Session Modification Request with an...

CVE-2025-57740

CVE-2025-57740 describes a heap-based buffer overflow (CWE-122) in FortiOS (multiple branches) and FortiPAM/FortiProxy, where an authenticated user may cause code execution via crafted RDP bookmark requests. Affected: FortiOS 7.6.2 and below, 7.4.7 and below, 7.2.10 and below, 7.0 all versions, 6...

OSV-2025-619 Heap-buffer-overflow in webvtt_domnode_SelectNodesInTree

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437537868 Crash type: Heap-buffer-overflow READ 1 Crash state: webvttdomnodeSelectNodesInTree webvttdomnodeSelectNodesInTree webvttdomnodeSelectNodesInTree...

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-31346 DESCRIPTION: AMD SEV-SNP Firmware could allow a local authenticated...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch [CVE-2024-31580]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch, caused by a heap-based buffer overflow in the /runtime/varargfunctions.cpp component CVE-2024-31580. PyTorch is used by our Speech Service runtimes. This vulnerabilitiy has bee...

Security Bulletin: Security Vulnerabilities in IBM MQ Affect IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator is affected by vulnerabilities in IBM MQ. Vulnerability Details CVEID:CVE-2024-25015 DESCRIPTION: IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all...

CVE-2024-49509 InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2024-49507 InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2024-49508 InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2024-47431 Substance3D - Painter | Heap-based Buffer Overflow (CWE-122)

Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2024-49517 Substance3D - Painter | Heap-based Buffer Overflow (CWE-122)

Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2024-47450 Illustrator | Heap-based Buffer Overflow (CWE-122)

Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Delta Electronics CNCSoft-G2

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : low attack complexity Vendor : Delta Electronics Equipment : CNCSoft-G2 Vulnerabilities : Stack-based Buffer Overflow, Out-of-bounds Write, Heap-Based Buffer Overflow, Out-of-bounds Read, Use of Uninitialized Variable 2. RISK EVALUATION...

CVE-2024-45143 Substance3D - Stager | Heap-based Buffer Overflow (CWE-122)

Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2024-45139 Substance3D - Stager | Heap-based Buffer Overflow (CWE-122)

Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2024-45139 Substance3D - Stager | Heap-based Buffer Overflow (CWE-122)

Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2024-47417 Animate | Heap-based Buffer Overflow (CWE-122)

Animate versions 23.0.7, 24.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2024-47417 Animate | Heap-based Buffer Overflow (CWE-122)

Animate versions 23.0.7, 24.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

JVN#42386607: Assimp vulnerable to heap-based buffer overflow

PlyLoader.cpp of Assimp provided by Open Asset Import Library contains a heap-based buffer overflow vulnerability CWE-122. Impact An attacker may execute arbitrary code by importing a specially crafted file into the product. Solution Update the Software Update the software to the latest version...

Adobe Photoshop 24.x < 24.7.5 / 25.x < 25.12 Multiple Vulnerabilities (APSB24-72)

The version of Adobe Photoshop installed on the remote Windows host is prior to 24.7.5/25.12. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-72 advisory. - Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability...