Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-16879

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Nov, 2017 | 22:00
Updated At-05 Aug, 2024 | 20:35
Rejected At-
Credits

Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Nov, 2017 | 22:00
Updated At:05 Aug, 2024 | 20:35
Rejected At:
▼CVE Numbering Authority (CNA)

Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html
x_refsource_MISC
https://security.gentoo.org/glsa/201804-13
vendor-advisory
x_refsource_GENTOO
http://invisible-island.net/ncurses/NEWS.html#t20171125
x_refsource_CONFIRM
https://tools.cisco.com/security/center/viewAlert.x?alertId=57695
x_refsource_CONFIRM
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
mailing-list
x_refsource_MLIST
Hyperlink: http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html
Resource:
x_refsource_MISC
Hyperlink: https://security.gentoo.org/glsa/201804-13
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://invisible-island.net/ncurses/NEWS.html#t20171125
Resource:
x_refsource_CONFIRM
Hyperlink: https://tools.cisco.com/security/center/viewAlert.x?alertId=57695
Resource:
x_refsource_CONFIRM
Hyperlink: https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html
x_refsource_MISC
x_transferred
https://security.gentoo.org/glsa/201804-13
vendor-advisory
x_refsource_GENTOO
x_transferred
http://invisible-island.net/ncurses/NEWS.html#t20171125
x_refsource_CONFIRM
x_transferred
https://tools.cisco.com/security/center/viewAlert.x?alertId=57695
x_refsource_CONFIRM
x_transferred
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201804-13
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://invisible-island.net/ncurses/NEWS.html#t20171125
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://tools.cisco.com/security/center/viewAlert.x?alertId=57695
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Nov, 2017 | 22:29
Updated At:20 Apr, 2025 | 01:37

Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
GNU
gnu
>>ncurses>>6.0
cpe:2.3:a:gnu:ncurses:6.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://invisible-island.net/ncurses/NEWS.html#t20171125cve@mitre.org
Vendor Advisory
http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.htmlcve@mitre.org
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ecve@mitre.org
N/A
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ecve@mitre.org
N/A
https://security.gentoo.org/glsa/201804-13cve@mitre.org
Third Party Advisory
https://tools.cisco.com/security/center/viewAlert.x?alertId=57695cve@mitre.org
Permissions Required
Third Party Advisory
http://invisible-island.net/ncurses/NEWS.html#t20171125af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201804-13af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://tools.cisco.com/security/center/viewAlert.x?alertId=57695af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Third Party Advisory
Hyperlink: http://invisible-island.net/ncurses/NEWS.html#t20171125
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201804-13
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://tools.cisco.com/security/center/viewAlert.x?alertId=57695
Source: cve@mitre.org
Resource:
Permissions Required
Third Party Advisory
Hyperlink: http://invisible-island.net/ncurses/NEWS.html#t20171125
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201804-13
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://tools.cisco.com/security/center/viewAlert.x?alertId=57695
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

3698Records found
CVE-2023-1579
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.81%
||
7 Day CHG~0.00%
Published-03 Apr, 2023 | 00:00
Updated-13 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.

Action-Not Available
Vendor-n/aGNU
Product-binutilsbinutils
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20230
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.40%
||
7 Day CHG~0.00%
Published-19 Dec, 2018 | 11:00
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Action-Not Available
Vendor-n/aGNU
Product-psppn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-19931
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.26%
||
7 Day CHG~0.00%
Published-07 Dec, 2018 | 07:00
Updated-05 Aug, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.

Action-Not Available
Vendor-n/aGNUNetApp, Inc.Canonical Ltd.
Product-ubuntu_linuxvasa_providerbinutilsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21813
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.25%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 17:58
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-14346
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.50% / 64.89%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 15:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).

Action-Not Available
Vendor-n/aDebian GNU/LinuxGNU
Product-libextractordebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-17942
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.08% / 83.27%
||
7 Day CHG~0.00%
Published-03 Oct, 2018 | 08:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing.

Action-Not Available
Vendor-n/aGNU
Product-gnulibn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-45332
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.00%
||
7 Day CHG~0.00%
Published-30 Nov, 2022 | 00:00
Updated-24 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-45703
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.79%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20294
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-15.05% / 94.30%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 00:00
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.

Action-Not Available
Vendor-n/aGNU
Product-binutilsbinutils
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-33034
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.61%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 13:33
Updated-03 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21831
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 59.91%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 21:08
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39831
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.84%
||
7 Day CHG~0.00%
Published-05 Sep, 2022 | 04:12
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230.

Action-Not Available
Vendor-n/aGNUFedora Project
Product-fedorapsppn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-33032
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.39%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 13:33
Updated-03 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6891
Matching Score-10
Assigner-Flexera Software LLC
ShareView Details
Matching Score-10
Assigner-Flexera Software LLC
CVSS Score-8.8||HIGH
EPSS-0.92% / 75.02%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.

Action-Not Available
Vendor-Flexera Software LLCDebian GNU/LinuxThe Apache Software FoundationGNU
Product-bookkeeperdebian_linuxlibtasn1GnuTLS libtasn1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-33028
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.61%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 13:33
Updated-03 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-33026
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.61%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 13:33
Updated-03 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25308
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.45%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 17:18
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.

Action-Not Available
Vendor-n/aRed Hat, Inc.GNU
Product-fribidienterprise_linuxfribidi
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39537
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 59.77%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Action-Not Available
Vendor-n/aGNUApple Inc.
Product-ncursesmacosmac_os_xn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39525
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.86%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:28
Updated-04 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39530
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.39% / 58.89%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:26
Updated-04 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39527
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.86%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:26
Updated-04 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45078
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.27%
||
7 Day CHG-0.01%
Published-15 Dec, 2021 | 19:37
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Action-Not Available
Vendor-n/aRed Hat, Inc.GNUNetApp, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxontap_select_deploy_administration_utilityfedoraenterprise_linuxbinutilsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21814
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.39% / 58.89%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 18:13
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21830
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.86%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 20:09
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42586
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 59.81%
||
7 Day CHG~0.00%
Published-23 May, 2022 | 10:39
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21818
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.39% / 58.89%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 18:50
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21838
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.14%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 20:41
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21840
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.50% / 65.00%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 20:58
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1125
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.85%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 14:16
Updated-12 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grub2: fs/hfs: integer overflow may lead to heap based out-of-bounds write

When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculation to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result the hfsplus_open_compressed_real() function will write past of the internal buffer length. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution by-passing secure boot protections.

Action-Not Available
Vendor-GNURed Hat, Inc.
Product-grub2Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9077
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.58% / 67.91%
||
7 Day CHG~0.00%
Published-24 Feb, 2019 | 00:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.

Action-Not Available
Vendor-n/aF5, Inc.GNUNetApp, Inc.Canonical Ltd.
Product-ubuntu_linuxtraffix_signaling_delivery_controllerelement_softwarebinutilsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9075
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 51.44%
||
7 Day CHG~0.00%
Published-24 Feb, 2019 | 00:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.

Action-Not Available
Vendor-n/aF5, Inc.GNUNetApp, Inc.Canonical Ltd.
Product-ubuntu_linuxbig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_local_traffic_managerbig-ip_domain_name_systembig-ip_policy_webacceleratorbig-ip_application_security_managerbinutilssolidfirebig-ip_edge_gatewaybig-ip_link_controllerhci_management_nodebig-ip_access_policy_managerbig-ip_advanced_firewall_managern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20912
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.42% / 61.10%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 17:46
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42585
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 59.81%
||
7 Day CHG~0.00%
Published-23 May, 2022 | 10:35
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-15767
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.23%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 02:05
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.

Action-Not Available
Vendor-n/aGNU
Product-chessn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39522
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.39% / 58.89%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:26
Updated-04 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-12450
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.54% / 66.69%
||
7 Day CHG~0.00%
Published-04 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-11640
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.39%
||
7 Day CHG~0.00%
Published-01 May, 2019 | 17:04
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a.

Action-Not Available
Vendor-n/aGNU
Product-recutilsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-11639
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.39%
||
7 Day CHG~0.00%
Published-01 May, 2019 | 17:04
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.

Action-Not Available
Vendor-n/aGNU
Product-recutilsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39832
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.84%
||
7 Day CHG~0.00%
Published-05 Sep, 2022 | 04:12
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Action-Not Available
Vendor-n/aGNUFedora Project
Product-fedorapsppn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44840
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.75%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21843
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.39% / 58.89%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 21:03
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21819
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.39% / 58.89%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 18:55
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21842
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.86%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 21:01
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21833
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.50% / 65.00%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 20:23
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21816
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.39% / 58.89%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 18:41
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21836
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.86%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 20:33
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21841
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.50% / 64.78%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 20:59
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21832
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.39% / 58.89%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 20:20
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21827
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.28% / 50.88%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 19:46
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-12459
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.54% / 66.69%
||
7 Day CHG~0.00%
Published-04 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 73
  • 74
  • Next
Details not found