Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-8387

Summary
Assigner-talos
Assigner Org ID-b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At-27 Feb, 2017 | 21:00
Updated At-06 Aug, 2024 | 02:20
Rejected At-
Credits

An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to code execution under the context of the account of the user running it.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:talos
Assigner Org ID:b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At:27 Feb, 2017 | 21:00
Updated At:06 Aug, 2024 | 02:20
Rejected At:
▼CVE Numbering Authority (CNA)

An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to code execution under the context of the account of the user running it.

Affected Products
Vendor
Iceni
Product
Argus
Versions
Affected
  • 6.6.04 (Sep 7 2012) NK
Problem Types
TypeCWE IDDescription
textN/ABuffer Overflow
Type: text
CWE ID: N/A
Description: Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/96468
vdb-entry
x_refsource_BID
http://www.talosintelligence.com/reports/TALOS-2016-0212/
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/96468
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.talosintelligence.com/reports/TALOS-2016-0212/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/96468
vdb-entry
x_refsource_BID
x_transferred
http://www.talosintelligence.com/reports/TALOS-2016-0212/
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/96468
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.talosintelligence.com/reports/TALOS-2016-0212/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:talos-cna@cisco.com
Published At:27 Feb, 2017 | 21:59
Updated At:20 Apr, 2025 | 01:37

An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to code execution under the context of the account of the user running it.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
iceni
iceni
>>argus>>6.6.04
cpe:2.3:a:iceni:argus:6.6.04:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/96468talos-cna@cisco.com
Broken Link
Third Party Advisory
VDB Entry
http://www.talosintelligence.com/reports/TALOS-2016-0212/talos-cna@cisco.com
Third Party Advisory
http://www.securityfocus.com/bid/96468af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
http://www.talosintelligence.com/reports/TALOS-2016-0212/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/96468
Source: talos-cna@cisco.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.talosintelligence.com/reports/TALOS-2016-0212/
Source: talos-cna@cisco.com
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/96468
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.talosintelligence.com/reports/TALOS-2016-0212/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

3174Records found
CVE-2021-22752
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.95%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 15:40
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition.

Action-Not Available
Vendor-n/a
Product-interactive_graphical_scada_systemIGSS Definition (Def.exe) V15.0.0.21140 and prior
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-22647
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.37% / 57.92%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 03:13
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-luxionn/aSiemens AG
Product-solid_edge_se2021solid_edge_se2020_firmwarekeyshotsolid_edge_se2021_firmwaresolid_edge_se2020keyvrkeyshot_network_renderingkeyshot_viewerLuxion KeyShotLuxion KeyVRLuxion KeyShot Network RenderingLuxion KeyShot Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-22637
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.77%
||
7 Day CHG~0.00%
Published-27 Jan, 2021 | 19:09
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).

Action-Not Available
Vendor-n/aFuji Electric Co., Ltd.
Product-v-serverv-simulatorTellus Lite V-Simulator and V-Server Lite
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21958
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.83% / 73.55%
||
7 Day CHG~0.00%
Published-16 Feb, 2022 | 16:38
Updated-15 Apr, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-hancomn/a
Product-hancom_office_2020Hancom
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-3453
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-7.67% / 91.55%
||
7 Day CHG~0.00%
Published-28 Jan, 2011 | 21:13
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationDebian GNU/Linux
Product-openofficedebian_linuxubuntu_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17253
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.35% / 56.58%
||
7 Day CHG~0.00%
Published-08 Oct, 2019 | 11:19
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8.

Action-Not Available
Vendor-n/aIrfanView
Product-irfanviewn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21067
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.83% / 85.66%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 18:14
Updated-23 Apr, 2025 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Photoshop CoolType arbitrary stack manipulation in Type 1/Multiple Master

Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-photoshop_2020windowsmacosPhotoshop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12671
Matching Score-4
Assigner-Autodesk
ShareView Details
Matching Score-4
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.30%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:28
Updated-26 Aug, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34275
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.99%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-03 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-040)

Action-Not Available
Vendor-Siemens AG
Product-pads_viewerPADS Standard/Plus Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21099
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.01% / 82.98%
||
7 Day CHG~0.00%
Published-28 Jun, 2021 | 13:42
Updated-23 Apr, 2025 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InDesign PCX file parsing out-of-bounds write vulnerability could lead to remote code execution

Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsindesignmacosInDesign
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34276
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.99%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-03 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-041)

Action-Not Available
Vendor-Siemens AG
Product-pads_viewerPADS Standard/Plus Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36044
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.05%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 00:00
Updated-23 Apr, 2025 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rizin Out-of-bounds Write vulnerability in Lua binary plugin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commits 07b43bc8aa1ffebd9b68d60624c9610cf7e460c7 and 05bbd147caccc60162d6fba9baaaf24befa281cd contain fixes for the issue.

Action-Not Available
Vendor-rizinrizinorg
Product-rizinrizin
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20330
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.23% / 46.01%
||
7 Day CHG~0.00%
Published-21 Dec, 2018 | 09:00
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.

Action-Not Available
Vendor-libjpeg-turbon/a
Product-libjpeg-turbon/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-3333
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-93.96% / 99.88%
||
7 Day CHG~0.00%
Published-10 Nov, 2010 | 01:00
Updated-30 Jul, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-open_xml_file_format_converterofficen/aOffice
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21871
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.34% / 55.83%
||
7 Day CHG~0.00%
Published-29 Jun, 2021 | 15:10
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the current version.

Action-Not Available
Vendor-powerison/a
Product-powerisoPowerISO
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-18342
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.00% / 82.89%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-2560
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-55.32% / 97.98%
||
7 Day CHG~0.00%
Published-11 Aug, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_vistainternet_explorern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-18338
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-debian_linuxchromelinux_workstationlinux_serverlinux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8658
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.68% / 90.85%
||
7 Day CHG~0.00%
Published-04 Mar, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8820.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerchrome_oswindows_8linux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11522
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.97%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:49
Updated-25 Nov, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24595.

Action-Not Available
Vendor-IrfanView
Product-irfanviewIrfanViewirfanview
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11515
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.10% / 29.24%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:50
Updated-25 Nov, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24010.

Action-Not Available
Vendor-IrfanView
Product-irfanviewIrfanViewirfanview
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-18583
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.42% / 61.13%
||
7 Day CHG~0.00%
Published-22 Oct, 2018 | 22:00
Updated-05 Aug, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer overflow in insertByte in miniz/lupng.c during a write operation for data obtained from a swap.

Action-Not Available
Vendor-lupng_projectn/a
Product-lupngn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21066
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.45% / 88.64%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 13:26
Updated-16 Sep, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge Font Parsing Out-Of-Bounds Write Arbitrary Code Execution Vulnerability

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsbridgeBridge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11558
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.97%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:46
Updated-25 Nov, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24808.

Action-Not Available
Vendor-IrfanView
Product-irfanviewIrfanViewirfanview
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21058
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.38% / 84.37%
||
7 Day CHG-0.10%
Published-11 Feb, 2021 | 20:07
Updated-16 Sep, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader DC Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11795
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.52%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:34
Updated-03 Dec, 2024 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24505.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftMonitouch V-SFTmonitouch_v-sft
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11552
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.97%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:45
Updated-25 Nov, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24751.

Action-Not Available
Vendor-IrfanView
Product-irfanviewIrfanViewirfanview
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11556
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.97%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:46
Updated-25 Nov, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24795.

Action-Not Available
Vendor-IrfanView
Product-irfanviewIrfanViewirfanview
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11527
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.97%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:44
Updated-25 Nov, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24601.

Action-Not Available
Vendor-IrfanView
Product-irfanviewIrfanViewirfanview
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11530
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.97%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:44
Updated-25 Nov, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IrfanView CGM File Parsing Memory Corruption Remote Code Execution Vulnerability

IrfanView CGM File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24605.

Action-Not Available
Vendor-IrfanView
Product-irfanviewIrfanViewirfanview
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11542
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.97%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:45
Updated-25 Nov, 2024 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24703.

Action-Not Available
Vendor-IrfanView
Product-irfanviewIrfanViewirfanview
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11793
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.14%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:34
Updated-03 Dec, 2024 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24503.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftMonitouch V-SFTmonitouch_v-sft
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21104
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.17% / 83.66%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 16:19
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator memory corruption vulnerability could lead to remote code execution

Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsillustratorIllustrator
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11802
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.52%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:35
Updated-03 Dec, 2024 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24770.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-tellus_lite_v-simulatorTellus Litetellus_lite
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11519
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.10% / 29.24%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:50
Updated-26 Nov, 2024 | 11:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IrfanView RLE File Parsing Memory Corruption Remote Code Execution Vulnerability

IrfanView RLE File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RLE files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24445.

Action-Not Available
Vendor-IrfanView
Product-irfanviewIrfanViewirfanview
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11520
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.97%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:49
Updated-25 Nov, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IrfanView ARW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

IrfanView ARW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ARW files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24488.

Action-Not Available
Vendor-IrfanView
Product-irfanviewIrfanViewirfanview
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11517
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.10% / 29.24%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:50
Updated-25 Nov, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24118.

Action-Not Available
Vendor-IrfanView
Product-irfanviewIrfanViewirfanview
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11801
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.14%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:35
Updated-03 Dec, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24769.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-tellus_lite_v-simulatorTellus Litetellus_lite
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11513
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.61%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:50
Updated-26 Nov, 2024 | 11:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ECW files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23971.

Action-Not Available
Vendor-IrfanView
Product-irfanviewIrfanViewirfanview
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12198
Matching Score-4
Assigner-Autodesk
ShareView Details
Matching Score-4
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.90%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:22
Updated-26 Aug, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11803
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.14%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:35
Updated-03 Dec, 2024 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24771.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-tellus_lite_v-simulatorTellus Litetellus_lite
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11564
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.10% / 29.24%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:46
Updated-26 Nov, 2024 | 11:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24864.

Action-Not Available
Vendor-IrfanView
Product-irfanviewIrfanViewirfanview
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11933
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.52%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:36
Updated-03 Dec, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24548.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-monitouch_v-sftMonitouch V-SFTmonitouch_v-sft
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11511
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.16%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:46
Updated-18 Dec, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IrfanView XCF Plugin XCF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

IrfanView XCF Plugin XCF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XCF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22735.

Action-Not Available
Vendor-IrfanView
Product-irfanviewIrfanViewirfanview
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11800
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.52%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:35
Updated-03 Dec, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24768.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-tellus_lite_v-simulatorTellus Litetellus_lite
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21053
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.22%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 20:15
Updated-23 Apr, 2025 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator Out-Of-Bounds Write Vulnerability Could Lead To Remote Code Execution

Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsillustratorIllustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11510
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.16%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:46
Updated-18 Dec, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IrfanView WBZ plugin WB1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

IrfanView WBZ plugin WB1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WB1 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22718.

Action-Not Available
Vendor-IrfanView
Product-irfanviewIrfanViewirfanview
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21101
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.04% / 86.14%
||
7 Day CHG~0.00%
Published-28 Jun, 2021 | 13:42
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator TTF font parsing out-of-bounds write vulnerability could lead to remote code execution

Adobe Illustrator version 25.2 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsillustratorIllustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21044
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.88% / 89.16%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 19:42
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader DC Out-Of-Bounds Write Vulnerability Could Lead To Arbitrary Code Execution

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11549
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.97%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:45
Updated-25 Nov, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24746.

Action-Not Available
Vendor-IrfanView
Product-irfanviewIrfanViewirfanview
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 63
  • 64
  • Next
Details not found