Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-9137

Summary
Assigner-krcert
Assigner Org ID-cdd7a122-0fae-4202-8d86-14efbacc2863
Published At-25 Apr, 2019 | 17:11
Updated At-04 Aug, 2024 | 21:38
Rejected At-
Credits

DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed Image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:krcert
Assigner Org ID:cdd7a122-0fae-4202-8d86-14efbacc2863
Published At:25 Apr, 2019 | 17:11
Updated At:04 Aug, 2024 | 21:38
Rejected At:
▼CVE Numbering Authority (CNA)

DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed Image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

Affected Products
Vendor
HumanTalk Co,Ltd
Product
DaviewIndy
Versions
Affected
  • fixed in 8.98.8
Problem Types
TypeCWE IDDescription
CWECWE-190CWE-190 Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-190
Description: CWE-190 Integer Overflow or Wraparound
Metrics
VersionBase scoreBase severityVector
3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995
x_refsource_MISC
Hyperlink: https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995
x_refsource_MISC
x_transferred
Hyperlink: https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vuln@krcert.or.kr
Published At:25 Apr, 2019 | 18:29
Updated At:25 May, 2022 | 21:00

DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed Image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
hmtalk
hmtalk
>>daviewindy>>Versions up to 8.98.7(inclusive)
cpe:2.3:a:hmtalk:daviewindy:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-190Primarynvd@nist.gov
CWE-190Secondaryvuln@krcert.or.kr
CWE ID: CWE-190
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-190
Type: Secondary
Source: vuln@krcert.or.kr
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995vuln@krcert.or.kr
Third Party Advisory
Hyperlink: https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995
Source: vuln@krcert.or.kr
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

493Records found
CVE-2020-7872
Matching Score-10
Assigner-KrCERT/CC
ShareView Details
Matching Score-10
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.39% / 60.05%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 13:40
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed format file that is mishandled by DaviewIndy. Attackers could exploit this and arbitrary code execution.

Action-Not Available
Vendor-hmtalkHumanTalk
Product-daviewindyDaviewIndy
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-9138
Matching Score-10
Assigner-KrCERT/CC
ShareView Details
Matching Score-10
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.32% / 55.01%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 17:19
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PhotoShop file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

Action-Not Available
Vendor-datoolsHumanTalk Co,Ltd
Product-daviewindyDaviewIndy
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-9139
Matching Score-10
Assigner-KrCERT/CC
ShareView Details
Matching Score-10
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.39% / 60.05%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 17:22
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

Action-Not Available
Vendor-datoolsHumanTalk Co,Ltd
Product-daviewindyDaviewIndy
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-7822
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.39% / 60.05%
||
7 Day CHG~0.00%
Published-04 Aug, 2020 | 14:14
Updated-16 Sep, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DaviewIndy Multiple Vulnerabilities

DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

Action-Not Available
Vendor-hmtalkHumanTalk Co,LtdMicrosoft Corporation
Product-windowsdaviewindyDaviewIndy
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7818
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.99%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 21:05
Updated-17 Sep, 2024 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DaviewIndy Heap Overflow Vulnerability

DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

Action-Not Available
Vendor-hmtalkHumanTolk Co.Ltd
Product-daviewindyDaviewIndy
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7828
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.39% / 60.05%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 13:30
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DaviewIndy Heap-based Buffer Overflow Vulnerability

DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

Action-Not Available
Vendor-hmtalkHumanTalkMicrosoft Corporation
Product-windowsdaviewindyDavieIndy
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7852
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.39% / 60.05%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 21:10
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DaviewIndy Heap Overflow Vulnerabilities

DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed ex.j2c format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

Action-Not Available
Vendor-hmtalkHumanTalkMicrosoft Corporation
Product-windowsdaviewindyDaviewIndy
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7823
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.99%
||
7 Day CHG~0.00%
Published-04 Aug, 2020 | 14:14
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DaviewIndy Multiple Vulnerabilities

DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

Action-Not Available
Vendor-hmtalkHumanTalk Co,Ltd
Product-daviewindyDaviewIndy
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7829
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.39% / 60.05%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 13:27
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DaviewIndy Heap-based Buffer Overflow Vulnerability

DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

Action-Not Available
Vendor-hmtalkHumanTalkMicrosoft Corporation
Product-windowsdaviewindyDavieIndy
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7816
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7||HIGH
EPSS-1.34% / 80.19%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 13:12
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice softwares could allow an unauthenticated, remote attacker to cause an arbitrary code execution on an affected device.nThe vulnerability is due to a stack overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device.

Action-Not Available
Vendor-hmtalkHUMAN TALKMicrosoft Corporation
Product-daofficewindowsdaview_indydava\+DaView Indy, DaVA+, DaOffice
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-9135
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.39% / 60.05%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 16:49
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed DIB format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

Action-Not Available
Vendor-datoolsHumanTalk Co,Ltd
Product-daviewindyDaviewIndy
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9136
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.39% / 60.05%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 16:57
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed JPEG2000 format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

Action-Not Available
Vendor-datoolsHumanTalk Co,Ltd
Product-daviewindyDaviewIndy
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7827
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.53% / 67.33%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 13:22
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DaviewIndy Use-After-Free Vulnerability

DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

Action-Not Available
Vendor-hmtalkHumanTalkMicrosoft Corporation
Product-windowsdaviewindyDavieIndy
CWE ID-CWE-416
Use After Free
CVE-2023-38620
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.71%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `lsb` array.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-15587
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.36%
||
7 Day CHG~0.00%
Published-18 Oct, 2017 | 08:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.

Action-Not Available
Vendor-n/aArtifex Software Inc.
Product-mupdfn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-11463
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.35%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 19:43
Updated-04 Nov, 2025 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26626.

Action-Not Available
Vendor-Vellum Investment Partners, LLC
Product-cobaltCobalt
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-10924
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.21%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 19:29
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability

GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FF files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27836.

Action-Not Available
Vendor-GIMP
Product-gimpGIMP
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-39316
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.34%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `string_pointers` array.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-38621
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.45%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `flags` array.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-38622
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.45%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `len` array.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-10923
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.21%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 19:29
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability

GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WBMP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27878.

Action-Not Available
Vendor-GIMP
Product-gimpGIMP
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-5051
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.31% / 54.29%
||
7 Day CHG~0.00%
Published-25 Apr, 2017 | 03:23
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsmacoschromeandroidlinux_kernelGoogle Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-14326
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.43% / 62.76%
||
7 Day CHG~0.00%
Published-16 Jul, 2018 | 00:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.

Action-Not Available
Vendor-techsmithn/a
Product-mp4v2n/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-2907
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-1.06% / 77.90%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxBlender Foundation
Product-blenderdebian_linuxBlender
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-38651
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7||HIGH
EPSS-0.03% / 8.68%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is zero.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-39272
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.63%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `lsb` array.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-38623
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.45%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `vindex_offset` array.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-38650
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7||HIGH
EPSS-0.04% / 10.71%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is not zero.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-39275
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.10%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `value` array.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-38653
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7||HIGH
EPSS-0.03% / 10.52%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is zero.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-38652
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7||HIGH
EPSS-0.05% / 14.19%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is not zero.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-39270
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.91%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `rows` array.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-39271
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.91%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `msb` array.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-38618
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.01%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `rows` array.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-39274
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.10%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `len` array.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-21851
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.52% / 67.11%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 12:23
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “csgp” decoder sample group description indices can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.

Action-Not Available
Vendor-n/aGPAC
Product-gpacGPAC"
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-38619
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.01%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `msb` array.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-39273
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.14%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `flags` array.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-21852
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.59%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 00:00
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.

Action-Not Available
Vendor-n/aGPAC
Product-gpacGPAC"
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-21837
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.51% / 66.55%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 12:43
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-gpacdebian_linuxGPAC
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-38127
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.20% / 41.65%
||
7 Day CHG~0.00%
Published-19 Oct, 2023 | 17:00
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-justsystemsIchitaro 2023
Product-just_government_4just_office_3ichitaro_pro_4ichitaro_pro_3ichitaro_government_8just_office_5ichitaro_government_9ichitaro_2021ichitaro_government_10just_police_5easy_postcard_maxichitaro_2022ichitaro_2023just_office_4just_police_4ichitaro_pro_5just_government_3just_government_5just_police_3Ichitaro 2023
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-21859
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.61% / 69.95%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 19:07
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-gpacdebian_linuxGPAC Project
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-36866
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.48% / 65.33%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-27 Feb, 2025 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Visio Remote Code Execution Vulnerability

Microsoft Office Visio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Visio 2016Microsoft Office 2019
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-36792
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.97% / 76.87%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 16:58
Updated-30 Oct, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2008visual_studio_2019windows_11_21h2windows_server_2022.net_frameworkwindows_10_21h2windows_10_1809visual_studio_2022.netwindows_10_22h2windows_11_22h2visual_studio_2017windows_server_2019windows_10_1607Microsoft Visual Studio 2022 version 17.6Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.5.1Microsoft .NET Framework 3.5 and 4.6.2Microsoft .NET Framework 3.5.NET 7.0.NET 6.0Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.5 AND 4.8PowerShell 7.2Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 4.8Microsoft Visual Studio 2022 version 17.2Microsoft Visual Studio 2022 version 17.4Microsoft .NET Framework 3.0 Service Pack 2Microsoft Visual Studio 2022 version 17.7Microsoft .NET Framework 4.6.2Microsoft .NET Framework 3.5 AND 4.8.1Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-35989
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.33%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-21948
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.77%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 19:56
Updated-15 Apr, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0. A specially-crafted GF file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-chituboxanycubicAnyCubicChitubox
Product-chituboxchitubox_basicChitubox AnyCubic PluginChitubox Basic
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-35992
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7||HIGH
EPSS-0.04% / 12.14%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-21850
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.42% / 62.01%
||
7 Day CHG~0.00%
Published-25 Aug, 2021 | 18:26
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-gpacdebian_linuxGPAC Project
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-36916
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.72%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 14:47
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table_lengths` array.

Action-Not Available
Vendor-tonybybellGTKWave
Product-gtkwaveGTKWave
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-36593
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.65% / 71.04%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found