Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-5130

Summary
Assigner-Chrome
Assigner Org ID-ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At-07 Feb, 2018 | 23:00
Updated At-03 Dec, 2025 | 22:02
Rejected At-
Credits

An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Chrome
Assigner Org ID:ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At:07 Feb, 2018 | 23:00
Updated At:03 Dec, 2025 | 22:02
Rejected At:
â–¼CVE Numbering Authority (CNA)

An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

Affected Products
Vendor
n/a
Product
Google Chrome prior to 62.0.3202.62
Versions
Affected
  • Google Chrome prior to 62.0.3202.62
Problem Types
TypeCWE IDDescription
textN/AInteger overflow
Type: text
CWE ID: N/A
Description: Integer overflow
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/101482
vdb-entry
x_refsource_BID
https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html
mailing-list
x_refsource_MLIST
http://bugzilla.gnome.org/show_bug.cgi?id=783026
x_refsource_MISC
https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html
x_refsource_MISC
https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed
x_refsource_MISC
https://access.redhat.com/errata/RHSA-2017:2997
vendor-advisory
x_refsource_REDHAT
https://crbug.com/722079
x_refsource_MISC
https://security.gentoo.org/glsa/201710-24
vendor-advisory
x_refsource_GENTOO
https://security.netapp.com/advisory/ntap-20190719-0001/
x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
mailing-list
x_refsource_MLIST
Hyperlink: http://www.securityfocus.com/bid/101482
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://bugzilla.gnome.org/show_bug.cgi?id=783026
Resource:
x_refsource_MISC
Hyperlink: https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html
Resource:
x_refsource_MISC
Hyperlink: https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed
Resource:
x_refsource_MISC
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2997
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://crbug.com/722079
Resource:
x_refsource_MISC
Hyperlink: https://security.gentoo.org/glsa/201710-24
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://security.netapp.com/advisory/ntap-20190719-0001/
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Resource:
x_refsource_MISC
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
Resource:
mailing-list
x_refsource_MLIST
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/101482
vdb-entry
x_refsource_BID
x_transferred
https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html
mailing-list
x_refsource_MLIST
x_transferred
http://bugzilla.gnome.org/show_bug.cgi?id=783026
x_refsource_MISC
x_transferred
https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html
x_refsource_MISC
x_transferred
https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed
x_refsource_MISC
x_transferred
https://access.redhat.com/errata/RHSA-2017:2997
vendor-advisory
x_refsource_REDHAT
x_transferred
https://crbug.com/722079
x_refsource_MISC
x_transferred
https://security.gentoo.org/glsa/201710-24
vendor-advisory
x_refsource_GENTOO
x_transferred
https://security.netapp.com/advisory/ntap-20190719-0001/
x_refsource_CONFIRM
x_transferred
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
x_transferred
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.securityfocus.com/bid/101482
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://bugzilla.gnome.org/show_bug.cgi?id=783026
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2997
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://crbug.com/722079
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201710-24
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20190719-0001/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-190CWE-190 Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-190
Description: CWE-190 Integer Overflow or Wraparound
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:chrome-cve-admin@google.com
Published At:07 Feb, 2018 | 23:29
Updated At:03 Dec, 2025 | 22:15

An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Google LLC
google
>>chrome>>Versions before 62.0.3202.62(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
libxml2 (XMLSoft)
xmlsoft
>>libxml2>>Versions before 2.9.5(exclusive)
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-190Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-190
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bugzilla.gnome.org/show_bug.cgi?id=783026chrome-cve-admin@google.com
Issue Tracking
http://www.securityfocus.com/bid/101482chrome-cve-admin@google.com
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2997chrome-cve-admin@google.com
Third Party Advisory
https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.htmlchrome-cve-admin@google.com
Vendor Advisory
https://crbug.com/722079chrome-cve-admin@google.com
Third Party Advisory
https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51edchrome-cve-admin@google.com
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00034.htmlchrome-cve-admin@google.com
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.htmlchrome-cve-admin@google.com
N/A
https://security.gentoo.org/glsa/201710-24chrome-cve-admin@google.com
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190719-0001/chrome-cve-admin@google.com
N/A
https://www.oracle.com/security-alerts/cpuapr2020.htmlchrome-cve-admin@google.com
N/A
http://bugzilla.gnome.org/show_bug.cgi?id=783026af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
http://www.securityfocus.com/bid/101482af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2997af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://crbug.com/722079af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51edaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00034.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201710-24af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190719-0001/af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.oracle.com/security-alerts/cpuapr2020.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://bugzilla.gnome.org/show_bug.cgi?id=783026
Source: chrome-cve-admin@google.com
Resource:
Issue Tracking
Hyperlink: http://www.securityfocus.com/bid/101482
Source: chrome-cve-admin@google.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2997
Source: chrome-cve-admin@google.com
Resource:
Third Party Advisory
Hyperlink: https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html
Source: chrome-cve-admin@google.com
Resource:
Vendor Advisory
Hyperlink: https://crbug.com/722079
Source: chrome-cve-admin@google.com
Resource:
Third Party Advisory
Hyperlink: https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed
Source: chrome-cve-admin@google.com
Resource:
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html
Source: chrome-cve-admin@google.com
Resource:
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201710-24
Source: chrome-cve-admin@google.com
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20190719-0001/
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://bugzilla.gnome.org/show_bug.cgi?id=783026
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Hyperlink: http://www.securityfocus.com/bid/101482
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2997
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://crbug.com/722079
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201710-24
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20190719-0001/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7521Records found
CVE-2018-5146
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-55.24% / 97.99%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-4937
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-74.18% / 98.80%
||
7 Day CHG~0.00%
Published-19 May, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aGoogle LLCAdobe Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelwindows_8.1chrome_osmac_os_xwindowsflash_player_desktop_runtimewindows_10flash_playerAdobe Flash Player 29.0.0.113 and earlier versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4179
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-50.21% / 97.76%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4219
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4122
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.74% / 85.64%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_serverchrome_oslinux_kernellinux_enterprise_workstation_extensionopensuseflash_player_desktop_runtimeenterprise_linux_desktopenterprise_linux_workstationlinux_enterprise_desktopwindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-13042
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.10%
||
7 Day CHG~0.00%
Published-12 Nov, 2025 | 16:48
Updated-25 Nov, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Linux Kernel Organization, IncGoogle LLC
Product-chromemacoswindowslinux_kernelChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4187
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.12% / 88.37%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-4935
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-74.18% / 98.80%
||
7 Day CHG~0.00%
Published-19 May, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aGoogle LLCAdobe Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelwindows_8.1chrome_osmac_os_xwindowsflash_player_desktop_runtimewindows_10flash_playerAdobe Flash Player 29.0.0.113 and earlier versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4182
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-11.54% / 93.46%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32274
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.66%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:26
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution.

Action-Not Available
Vendor-faad2_projectn/aDebian GNU/Linux
Product-debian_linuxfaad2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4220
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32493
Matching Score-10
Assigner-Fedora Project
ShareView Details
Matching Score-10
Assigner-Fedora Project
CVSS Score-7.8||HIGH
EPSS-0.38% / 58.70%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 18:24
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.

Action-Not Available
Vendor-djvulibre_projectn/aDebian GNU/Linux
Product-djvulibredebian_linuxdjvulibre
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32272
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.52%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:26
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution.

Action-Not Available
Vendor-faad2_projectn/aDebian GNU/Linux
Product-debian_linuxfaad2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20763
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.31%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 23:00
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GPAC
Product-gpacubuntu_linuxdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20760
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.31%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 23:00
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GPAC
Product-gpacubuntu_linuxdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32277
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.66%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:26
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution.

Action-Not Available
Vendor-faad2_projectn/aDebian GNU/Linux
Product-debian_linuxfaad2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20847
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.74% / 72.41%
||
7 Day CHG~0.00%
Published-26 Jun, 2019 | 17:07
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.

Action-Not Available
Vendor-uclouvainn/aDebian GNU/Linux
Product-openjpegdebian_linuxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-20346
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-13.21% / 93.97%
||
7 Day CHG~0.00%
Published-21 Dec, 2018 | 21:00
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Action-Not Available
Vendor-sqliten/aRed Hat, Inc.openSUSEGoogle LLCDebian GNU/Linux
Product-debian_linuxchromesqlitelinuxleapn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-4181
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.12% / 88.37%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20196
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.67%
||
7 Day CHG~0.00%
Published-18 Dec, 2018 | 01:00
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.

Action-Not Available
Vendor-audiocodingn/aDebian GNU/Linux
Product-freeware_advanced_audio_decoder_2debian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20004
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.71% / 71.79%
||
7 Day CHG~0.00%
Published-10 Dec, 2018 | 06:00
Updated-05 Aug, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml.

Action-Not Available
Vendor-mini-xml_projectn/aDebian GNU/LinuxFedora Project
Product-mini-xmldebian_linuxfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-19490
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.60%
||
7 Day CHG~0.00%
Published-23 Nov, 2018 | 17:00
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.

Action-Not Available
Vendor-gnuplotn/aDebian GNU/LinuxopenSUSE
Product-debian_linuxgnuplotleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32273
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.28%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:26
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution.

Action-Not Available
Vendor-faad2_projectn/aDebian GNU/Linux
Product-debian_linuxfaad2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-18356
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.56% / 85.20%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Canonical Ltd.Google LLCRed Hat, Inc.openSUSEDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_euschromeenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopleapChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-18336
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.56% / 81.16%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-debian_linuxchromelinux_workstationlinux_serverlinux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-18342
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.89% / 82.82%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-18339
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.44% / 80.41%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-debian_linuxchromelinux_workstationlinux_serverlinux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-11205
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.67%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 22:08
Updated-13 Nov, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Linux Kernel Organization, IncApple Inc.Google LLCMicrosoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-18337
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.78% / 85.73%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-debian_linuxchromelinux_workstationlinux_serverlinux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-18341
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.67% / 81.78%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-debian_linuxchromelinux_workstationlinux_serverlinux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-18340
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.56% / 81.16%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-debian_linuxchromelinux_workstationlinux_serverlinux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32491
Matching Score-10
Assigner-Fedora Project
ShareView Details
Matching Score-10
Assigner-Fedora Project
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.93%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 18:11
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.

Action-Not Available
Vendor-djvulibre_projectn/aDebian GNU/Linux
Product-djvulibredebian_linuxdjvulibre
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-4234
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4241
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4235
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4180
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.12% / 88.37%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32490
Matching Score-10
Assigner-Fedora Project
ShareView Details
Matching Score-10
Assigner-Fedora Project
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.36%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 18:18
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences.

Action-Not Available
Vendor-djvulibre_projectn/aDebian GNU/Linux
Product-djvulibredebian_linuxdjvulibre
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4249
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-10.45% / 93.07%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4245
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4154
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.25% / 88.54%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_serverchrome_oslinux_kernellinux_enterprise_workstation_extensionopensuseflash_player_desktop_runtimeenterprise_linux_desktopenterprise_linux_workstationlinux_enterprise_desktopwindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4172
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.12% / 88.37%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4127
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.74% / 85.64%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_serverchrome_oslinux_kernellinux_enterprise_workstation_extensionopensuseflash_player_desktop_runtimeenterprise_linux_desktopenterprise_linux_workstationlinux_enterprise_desktopwindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4280
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.31% / 86.96%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4177
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-48.23% / 97.65%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4176.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-10892
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.75%
||
7 Day CHG~0.00%
Published-24 Sep, 2025 | 16:17
Updated-25 Sep, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncGoogle LLCMicrosoft Corporation
Product-chromelinux_kernelmacoswindowsChrome
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-472
External Control of Assumed-Immutable Web Parameter
CVE-2016-4184
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.12% / 88.37%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3246
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.81% / 73.73%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 00:00
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.

Action-Not Available
Vendor-libsndfile_projectn/aDebian GNU/LinuxFedora Project
Product-libsndfiledebian_linuxfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4276
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.31% / 86.96%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4218
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4217
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-5.20% / 89.68%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 150
  • 151
  • Next
Details not found