CVE-2024-11498

CVE-2024-11498 affects the libjxl (JPEG XL) library. A crafted file can trigger a stack-based overflow, causing the decoder to allocate large stack space (up to 256–512 MB) and potentially exhaust stack memory, leading to denial of service. Multiple advisories and deployable updates reference thi...

CVE-2024-11498 Resource exhaustion via Stack overflow in libjxl

There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space up to 256mb is possible, maybe 512mb, potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend...

CVE-2024-11498

There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space up to 256mb is possible, maybe 512mb, potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend...

Trimble SketchUp 安全漏洞

Trimble SketchUp is a suite of 3D modeling programs for architects, urban planners, producers, game developers, and related professionals from Trimble USA. Trimble SketchUp suffers from a security vulnerability that stems from a stack-based buffer overflow issue contained in SKP file parsing. An...

IrfanView 安全漏洞

IrfanView is an image viewer. It supports image browsing, image editing, image format conversion and so on. A buffer overflow remote code execution vulnerability exists in the IrfanView WBZ plugin WB1 Stack File Parsing, which is caused by failing to properly validate the length of user-supplied...

Siemens Tecnomatix Plant Simulation Stack Buffer Overflow Vulnerability (CNVD-2024-45987)

Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. A stack buffer overflow vulnerability exists in Siemen...

PT-2024-17040 · Irfan Skiljan · Irfanview

Name of the Vulnerable Software and Affected Versions: IrfanView affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this issue, where the target must visit a...

SourceCodester Student Record Management System 安全漏洞

SourceCodester Student Record Management System is an open source student record management system from SourceCodester. A security vulnerability exists in SourceCodester Student Record Management System version 1.0. An attacker exploiting this vulnerability could cause a stack-based buffer overfl...

PT-2025-23037

Name of the Vulnerable Software and Affected Versions icu affected versions not specified Debian Linux affected versions not specified Description A stack buffer overflow issue was discovered in the International Components for Unicode ICU. The issue occurs when running the genrb binary, causing...

Delta Electronics DIAScreen DPA File Parsing Stack Buffer Overflow Vulnerability

Delta Electronics DIAScreen is an intelligent desktop builder from Delta Electronics in Taiwan, China. A stack buffer overflow vulnerability exists in the Delta Electronics DIAScreen DPA file parsing, which can be exploited by an attacker to execute arbitrary code...

Delta Electronics DIAScreen 安全漏洞

Delta Electronics DIAScreen is an intelligent desktop builder from Delta Electronics in Taiwan, China. A stack buffer overflow vulnerability exists in the Delta Electronics DIAScreen DPA file parsing, which can be exploited by an attacker to execute arbitrary code...

Delta Electronics DIAScreen DPA File Parsing Stack Buffer Overflow Vulnerability (CNVD-2025-01799)

Delta Electronics DIAScreen is an intelligent desktop builder from Delta Electronics in Taiwan, China. A stack buffer overflow vulnerability exists in the Delta Electronics DIAScreen DPA file parsing, which can be exploited by an attacker to execute arbitrary code...

PT-2024-32883 · Ivanti · Ivanti Connect Secure

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.3 Description: A stack-based buffer overflow in IPsec allows a remote unauthenticated attacker to cause a denial of service. Recommendations: For versions prior to 22.7R2.3, update to version...

OESA-2024-2363 dcraw security update

This package contains dcraw, a command line tool to decode raw image data downloaded from digital cameras. Security Fixes: CVE-2017-13735 CVE-2017-14608 A stack-based buffer overflow in the findgreen function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remot...

OSV-2022-1288 Stack-buffer-overflow in bool SmilesParseOps::parser::parse_atom_props<std::__1::__wrap_iter<char const*>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=376787368 Crash type: Stack-buffer-overflow READ 1 Crash state: bool SmilesParseOps::parser::parseatomprops bool SmilesParseOps::parser::parseit SmilesParseOps::parseCXExtensions...

OSV-2024-1261 Stack-buffer-overflow in _pcre2_compile_class_not_nested_16

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=376515526 Crash type: Stack-buffer-overflow WRITE 2 Crash state: pcre2compileclassnotnested16 compileclassoperand pcre2compileclassnested16...

Fortinet Fortigate Stack-based buffer overflows in diagnostic CLI commands (FG-IR-21-179)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-179 advisory. - A stack-based buffer overflow vulnerability CWE-121 in the command line interpreter of FortiOS before 7.0.4 and FortiProxy...

Fortinet FortiWeb Multiple stack-based buffer overflow vulnerabilities in CLI command (FG-IR-20-206)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-20-206 advisory. - A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute...

CVE-2024-40494

Buffer Overflow in coapmsg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service stack buffer overflow via a crafted packet...

PT-2024-28877 · Freecoap · Freecoap

Name of the Vulnerable Software and Affected Versions: FreeCoAP affected versions not specified Description: The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted packet, resulting in a stack buffer overflow in the coap msg.c file. Recommendations:...