Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-7572

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-07 Feb, 2019 | 00:00
Updated At-04 Aug, 2024 | 20:54
Rejected At-
Credits

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:07 Feb, 2019 | 00:00
Updated At:04 Aug, 2024 | 20:54
Rejected At:
▼CVE Numbering Authority (CNA)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html
mailing-list
https://bugzilla.libsdl.org/show_bug.cgi?id=4495
N/A
https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html
mailing-list
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
N/A
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html
vendor-advisory
https://security.gentoo.org/glsa/201909-07
vendor-advisory
https://usn.ubuntu.com/4156-1/
vendor-advisory
https://usn.ubuntu.com/4156-2/
vendor-advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html
mailing-list
https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html
mailing-list
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
vendor-advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html
mailing-list
https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
mailing-list
https://security.gentoo.org/glsa/202305-17
vendor-advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html
Resource:
mailing-list
Hyperlink: https://bugzilla.libsdl.org/show_bug.cgi?id=4495
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html
Resource:
mailing-list
Hyperlink: https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html
Resource:
vendor-advisory
Hyperlink: https://security.gentoo.org/glsa/201909-07
Resource:
vendor-advisory
Hyperlink: https://usn.ubuntu.com/4156-1/
Resource:
vendor-advisory
Hyperlink: https://usn.ubuntu.com/4156-2/
Resource:
vendor-advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html
Resource:
mailing-list
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html
Resource:
mailing-list
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
Resource:
vendor-advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html
Resource:
mailing-list
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
Resource:
mailing-list
Hyperlink: https://security.gentoo.org/glsa/202305-17
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html
mailing-list
x_transferred
https://bugzilla.libsdl.org/show_bug.cgi?id=4495
x_transferred
https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html
mailing-list
x_transferred
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html
vendor-advisory
x_transferred
https://security.gentoo.org/glsa/201909-07
vendor-advisory
x_transferred
https://usn.ubuntu.com/4156-1/
vendor-advisory
x_transferred
https://usn.ubuntu.com/4156-2/
vendor-advisory
x_transferred
https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html
mailing-list
x_transferred
https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html
mailing-list
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
vendor-advisory
x_transferred
https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html
mailing-list
x_transferred
https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
mailing-list
x_transferred
https://security.gentoo.org/glsa/202305-17
vendor-advisory
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html
Resource:
mailing-list
x_transferred
Hyperlink: https://bugzilla.libsdl.org/show_bug.cgi?id=4495
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html
Resource:
mailing-list
x_transferred
Hyperlink: https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
Resource:
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html
Resource:
vendor-advisory
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201909-07
Resource:
vendor-advisory
x_transferred
Hyperlink: https://usn.ubuntu.com/4156-1/
Resource:
vendor-advisory
x_transferred
Hyperlink: https://usn.ubuntu.com/4156-2/
Resource:
vendor-advisory
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html
Resource:
mailing-list
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html
Resource:
mailing-list
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
Resource:
vendor-advisory
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html
Resource:
mailing-list
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
Resource:
mailing-list
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202305-17
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:07 Feb, 2019 | 07:29
Updated At:07 Nov, 2023 | 03:13

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
libsdl
libsdl
>>simple_directmedia_layer>>Versions up to 1.2.15(inclusive)
cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*
libsdl
libsdl
>>simple_directmedia_layer>>Versions from 2.0.0(inclusive) to 2.0.9(inclusive)
cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.0
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>42.3
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Fedora Project
fedoraproject
>>fedora>>31
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://bugzilla.libsdl.org/show_bug.cgi?id=4495cve@mitre.org
Exploit
Issue Tracking
Vendor Advisory
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720cve@mitre.org
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00015.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00016.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00020.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00021.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00032.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00008.htmlcve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/cve@mitre.org
N/A
https://security.gentoo.org/glsa/201909-07cve@mitre.org
Third Party Advisory
https://security.gentoo.org/glsa/202305-17cve@mitre.org
N/A
https://usn.ubuntu.com/4156-1/cve@mitre.org
Third Party Advisory
https://usn.ubuntu.com/4156-2/cve@mitre.org
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://bugzilla.libsdl.org/show_bug.cgi?id=4495
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201909-07
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/202305-17
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/4156-1/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/4156-2/
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

3502Records found
CVE-2014-1497
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.50% / 64.97%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSERed Hat, Inc.Debian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_eusfirefoxenterprise_linux_server_eusthunderbirdsuse_linux_enterprise_desktopdebian_linuxenterprise_linux_server_ausseamonkeyfirefox_esropensuseubuntu_linuxenterprise_linux_desktopsuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_workstationsuse_linux_enterprise_software_development_kitn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-9726
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.42%
||
7 Day CHG+0.18%
Published-26 Jul, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

Action-Not Available
Vendor-n/aArtifex Software Inc.Debian GNU/Linux
Product-debian_linuxghostscript_ghostxpsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-9739
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.42%
||
7 Day CHG+0.18%
Published-26 Jul, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

Action-Not Available
Vendor-n/aArtifex Software Inc.Debian GNU/Linux
Product-debian_linuxghostscript_ghostxpsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-9611
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.42%
||
7 Day CHG+0.02%
Published-26 Jul, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

Action-Not Available
Vendor-n/aArtifex Software Inc.Debian GNU/Linux
Product-ghostscriptdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-9727
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.42%
||
7 Day CHG+0.18%
Published-26 Jul, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

Action-Not Available
Vendor-n/aArtifex Software Inc.Debian GNU/Linux
Product-debian_linuxghostscript_ghostxpsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-9935
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.01% / 76.22%
||
7 Day CHG+0.03%
Published-26 Jun, 2017 | 12:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.LibTIFF
Product-ubuntu_linuxdebian_linuxlibtiffn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-6304
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.64%
||
7 Day CHG~0.00%
Published-24 Feb, 2017 | 04:23
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."

Action-Not Available
Vendor-ytnef_projectn/aDebian GNU/Linux
Product-ytnefdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-17784
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.23%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GIMP
Product-gimpubuntu_linuxdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-6301
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.64%
||
7 Day CHG~0.00%
Published-24 Feb, 2017 | 04:23
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads."

Action-Not Available
Vendor-ytnef_projectn/aDebian GNU/Linux
Product-ytnefdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-6309
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.32%
||
7 Day CHG~0.00%
Published-24 Feb, 2017 | 04:23
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.

Action-Not Available
Vendor-tnef_projectn/aDebian GNU/Linux
Product-debian_linuxtnefn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6310
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.35% / 56.93%
||
7 Day CHG~0.00%
Published-24 Feb, 2017 | 04:23
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.

Action-Not Available
Vendor-tnef_projectn/aDebian GNU/Linux
Product-debian_linuxtnefn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6305
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.07%
||
7 Day CHG~0.00%
Published-24 Feb, 2017 | 04:23
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write."

Action-Not Available
Vendor-ytnef_projectn/aDebian GNU/Linux
Product-ytnefdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0519
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.14%
||
7 Day CHG-0.16%
Published-16 Jan, 2024 | 21:14
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-02-07||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Couchbase, Inc.Google LLCFedora Project
Product-chromecouchbase_serverfedoraChromechromeChromium V8
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5497
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.66%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 23:02
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechrome
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5159
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.26% / 48.66%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 15:11
Updated-13 Feb, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-6455
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.24% / 78.42%
||
7 Day CHG~0.00%
Published-13 Apr, 2020 | 17:31
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-6458
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.80% / 73.16%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 03:46
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Action-Not Available
Vendor-Google LLCDebian GNU/Linux
Product-chromedebian_linuxChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-6609
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.26%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 20:44
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.

Action-Not Available
Vendor-n/aGNUopenSUSE
Product-libredwgbackports_sleleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-6447
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.49% / 80.22%
||
7 Day CHG~0.00%
Published-13 Apr, 2020 | 17:31
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-6806
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-5.21% / 89.55%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 21:14
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxthunderbirdfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-6555
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-1.22% / 78.21%
||
7 Day CHG~0.00%
Published-21 Sep, 2020 | 19:06
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5030
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-63.05% / 98.32%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 23:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||Apply updates per vendor instructions.

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Red Hat, Inc.Google LLCLinux Kernel Organization, IncDebian GNU/Linux
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 57.0.2987.98 for Linux, Windows and Mac, and 57.0.2987.108 for AndroidChromium V8
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-2257
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.63%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in vim/vim

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim/vim
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-2286
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.76%
||
7 Day CHG~0.00%
Published-02 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in vim/vim

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim/vim
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-2206
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.60%
||
7 Day CHG~0.00%
Published-26 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in vim/vim

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim/vim
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-2183
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-1.06% / 76.73%
||
7 Day CHG~0.00%
Published-23 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in vim/vim

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim/vim
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28609
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.37% / 58.20%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:55
Updated-23 Apr, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_iv().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-2126
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.70%
||
7 Day CHG~0.00%
Published-19 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in vim/vim

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/LinuxApple Inc.
Product-debian_linuxfedoramacosvimvim/vim
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28618
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.32% / 54.42%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:56
Updated-23 Apr, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfloop().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-2175
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.60%
||
7 Day CHG~0.00%
Published-23 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in vim/vim

Buffer Over-read in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim/vim
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28625
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.30% / 52.71%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:56
Updated-23 Apr, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SLoop_of.

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28611
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.38% / 58.78%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:56
Updated-23 Apr, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_first_out_edge().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28606
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.38% / 58.78%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:55
Updated-23 Apr, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_face().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28633
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.38% / 58.78%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:56
Updated-23 Apr, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->prev().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28619
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.32% / 54.42%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:56
Updated-23 Apr, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->twin().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28630
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.38% / 58.78%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:56
Updated-23 Apr, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->snext().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28615
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.32% / 54.42%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:56
Updated-23 Apr, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_last().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28614
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.30% / 52.71%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:56
Updated-23 Apr, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_begin().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28634
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.54% / 66.73%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:56
Updated-23 Apr, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->next().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28604
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.38% / 58.78%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:55
Updated-23 Apr, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_next().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28627
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.30% / 53.16%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:56
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() ch->shell_entry_objects().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28607
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.30% / 52.71%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:55
Updated-23 Apr, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() set_halfedge().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28621
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.32% / 54.42%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:56
Updated-23 Apr, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->out_sedge().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28610
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.38% / 58.78%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:55
Updated-23 Apr, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_face().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28635
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.43% / 61.83%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:56
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->facet().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28616
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.32% / 54.42%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:56
Updated-23 Apr, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_begin().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28603
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.39% / 59.24%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:55
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28623
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.32% / 54.42%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:56
Updated-23 Apr, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->twin().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28605
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.38% / 58.78%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:55
Updated-23 Apr, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_vertex().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-28629
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.30% / 52.71%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:56
Updated-15 Apr, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->sprev().

Action-Not Available
Vendor-cgalCGAL ProjectDebian GNU/Linux
Product-computational_geometry_algorithms_librarydebian_linuxlibcgal
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 70
  • 71
  • Next
Details not found