CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

147 matches found

CVE-2025-70116

A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields e.g., codec/mime/profile strings. gfmediamapesd then calls strlen on a NULL pointer, triggering a crash ASan SEGV...

4.3CVSS5.8AI score0.00048EPSS

Exploits0References1

NVD•added 2026/05/27 5:16 p.m.•7 views

CVE-2025-70116

4.3CVSS0.00048EPSS

Exploits0References4

OSV•added 2026/05/27 5:16 p.m.•7 views

DEBIAN-CVE-2025-70116

4.3CVSS5.8AI score0.00048EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 12:0 a.m.•2 views

CVE-2025-70116

5.8AI score0.00048EPSS

Exploits0References3

CVE•added 2026/05/27 12:0 a.m.•9 views

CVE-2025-70116

CVE-2025-70116 affects GPAC MP4Box. A NULL pointer dereference occurs when parsing certain truncated MP4 files with an unknown/invalid stsd entry, leading to missing descriptor fields (e.g., codec/mime/profile strings). gf_media_map_esd then calls strlen() on a NULL pointer, triggering a crash (A...

4.3CVSS5.8AI score0.00048EPSS

Exploits0References4

ATTACKERKB•added 2026/05/17 6:51 p.m.•4 views

CVE-2026-8721

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

9.8CVSS5.9AI score0.0002EPSS

Exploits0References2

OSV•added 2026/05/07 8:26 a.m.•5 views

CLSA-2026-1778142360 jq: Fix of 2 CVEs

CVE-2026-33947: limit path depth in jvsetpath, jvgetpath, and jvdelpaths to prevent stack overflow from deep path arrays - CVE-2026-33948: remove strlen-based length calculation that truncated JSON input at embedded NUL bytes, preventing parser-differential attacks...

6.3CVSS5.9AI score0.00137EPSS

Exploits2References1

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ocfs2: mount fails with buffer overflow in strlen Starting with kernel 5.11 built with CONFIGFORTIFYSOURCE mouting an ocfs2 filesystem with either o2cb or pcmk cluster stack fails with the trace below. Problem seems to be that...

7.8CVSS6.8AI score0.00033EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: xtables: fixed the LED ID check in ledtgcheck Syzbot has reported the following BUG detected by KASAN: BUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70 Size 1 was read at address ffff8881022da0c8 by task repro/587...

7.1CVSS6.5AI score0.00008EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в binutils

A vulnerability has been discovered in GNU Binutils 2.43 and is classified as problematic. The vulnerability affects the function sanitizer::internalstrlen in the file binutils/nm.c of the nm component. Manipulation of the const argument leads to a buffer overflow. The attack can be launched...

5.3CVSS5.5AI score0.00067EPSS

Exploits1References2

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fortify: Fix compiletimestrlen under UBSANBOUNDSLOCAL With CONFIGFORTIFY=y and CONFIGUBSANLOCALBOUNDS=y enabled, we observe a runtime panic while running Android's Compatibility Test Suite's CTS android.hardware.input.cts.tests...

5.4AI score0.00027EPSS

Exploits0References2

RedhatCVE•added 2026/01/29 3:26 a.m.•4 views

CVE-2026-24852

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer over-read when the strlen function attempts to read a non-null-terminated buffer potentially leaking heap memory...

8.1CVSS6AI score0.00014EPSS

Exploits0References1

EUVD•added 2026/01/28 12:27 a.m.•2 views

EUVD-2026-4911

6.1CVSS6AI score0.00014EPSS

Exploits0References3

CNNVD•added 2026/01/28 12:0 a.m.•1 views

iccDEV security vulnerability

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from the strlen function attempting to read from a non-empty termination buffer, leading...

8.1CVSS5.9AI score0.00014EPSS

Exploits0References3

Broadcom•added 2026/01/27 12:0 a.m.•11 views

libcurl's ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 (CVE-2024-7264)

A flaw was found in libcurl, where libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the time fraction , leading to a strlen performed on a pointer to a heap...

6.5CVSS7.1AI score0.00796EPSS

Exploits1