Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-46168

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 Jan, 2022 | 20:02
Updated At-04 Aug, 2024 | 05:02
Rejected At-
Credits

Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 Jan, 2022 | 20:02
Updated At:04 Aug, 2024 | 05:02
Rejected At:
▼CVE Numbering Authority (CNA)

Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/nimble-code/Spin/issues/56
x_refsource_MISC
Hyperlink: https://github.com/nimble-code/Spin/issues/56
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/nimble-code/Spin/issues/56
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/nimble-code/Spin/issues/56
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Jan, 2022 | 21:15
Updated At:10 Feb, 2022 | 15:16

Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
spinroot
spinroot
>>spin>>6.5.1
cpe:2.3:a:spinroot:spin:6.5.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/nimble-code/Spin/issues/56cve@mitre.org
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://github.com/nimble-code/Spin/issues/56
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

557Records found
CVE-2022-24197
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.55% / 66.90%
||
7 Day CHG+0.36%
Published-01 Feb, 2022 | 00:00
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

Action-Not Available
Vendor-itextpdfn/a
Product-itextn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-17229
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.55% / 66.85%
||
7 Day CHG~0.00%
Published-19 Sep, 2018 | 22:00
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.

Action-Not Available
Vendor-n/aExiv2
Product-exiv2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29579
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.64%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 00:00
Updated-02 Aug, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.

Action-Not Available
Vendor-yasm_projectn/a
Product-yasmn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29583
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 9.89%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 00:00
Updated-02 Aug, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.

Action-Not Available
Vendor-yasm_projectn/ayasm_project
Product-yasmn/ayasm
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23891
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:26
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A User Mode Write AV in Editor+0x5cd7 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.

Action-Not Available
Vendor-wildbit-softn/a
Product-wildbit_viewern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-22675
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.56%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 20:37
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30402
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-25 Apr, 2023 | 00:00
Updated-02 Aug, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.

Action-Not Available
Vendor-yasm_projectn/a
Product-yasmn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23897
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:26
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A User Mode Write AV in Editor!TMethodImplementationIntercept+0x54dcec of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.

Action-Not Available
Vendor-wildbit-softn/a
Product-wildbit_viewern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23852
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.40%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 14:12
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c (line 544 & line 545), which could cause a denial of service by submitting a malicious jpeg image.

Action-Not Available
Vendor-rockcarryn/a
Product-ffjpegn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23706
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 55.00%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 21:55
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan() ok_jpg.c:1102 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.

Action-Not Available
Vendor-ok-file-formats_projectn/a
Product-ok-file-formatsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23266
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.23%
||
7 Day CHG~0.00%
Published-21 Sep, 2021 | 23:04
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function in odf_code.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23896
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:26
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A User Mode Write AV in Editor+0x576b of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.

Action-Not Available
Vendor-wildbit-softn/a
Product-wildbit_viewern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23901
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:26
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.

Action-Not Available
Vendor-wildbit-softn/a
Product-wildbit_viewern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23707
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.49% / 64.41%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 21:55
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.

Action-Not Available
Vendor-ok-file-formats_projectn/a
Product-ok-file-formatsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-22899
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.06%
||
7 Day CHG~0.00%
Published-17 Feb, 2022 | 12:51
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service.

Action-Not Available
Vendor-coreftpn/a
Product-core_ftpn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-41437
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.99%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 00:00
Updated-13 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.

Action-Not Available
Vendor-dbohdann/a
Product-hicolorn/a
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-40841
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.33%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-12 Dec, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-41443
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.56%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 00:00
Updated-19 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow in the function cp_dynamic() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.

Action-Not Available
Vendor-dbohdann/a
Product-hicolorn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23910
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 8.68%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 00:00
Updated-28 Oct, 2024 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability in asn1c through v0.9.28 via function genhash_get in genhash.c.

Action-Not Available
Vendor-asn1c_projectn/a
Product-asn1cn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23273
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.52%
||
7 Day CHG~0.00%
Published-21 Sep, 2021 | 23:04
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-tcpreplayn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23898
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:26
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A User Mode Write AV in Editor+0x5ea2 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.

Action-Not Available
Vendor-wildbit-softn/a
Product-wildbit_viewern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23899
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:26
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A User Mode Write AV in Editor+0x5f91 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.

Action-Not Available
Vendor-wildbit-softn/a
Product-wildbit_viewern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-26965
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.57%
||
7 Day CHG~0.00%
Published-14 Jun, 2023 | 00:00
Updated-06 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23887
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.67%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:25
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33.

Action-Not Available
Vendor-n/aXnView (XnSoft)
Product-xnview_mpn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27249
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.28%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23889
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:26
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A User Mode Write AV starting at Editor!TMethodImplementationIntercept+0x4189c6 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted ico file.

Action-Not Available
Vendor-wildbit-softn/a
Product-wildbit_viewern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-22678
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.56%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 20:37
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23904
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 49.95%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:26
Updated-04 Aug, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program.

Action-Not Available
Vendor-xiphn/a
Product-speexn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23893
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:26
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A User Mode Write AV in Editor!TMethodImplementationIntercept+0x3c3682 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.

Action-Not Available
Vendor-wildbit-softn/a
Product-wildbit_viewern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23861
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.45%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 15:02
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23269
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.52%
||
7 Day CHG~0.00%
Published-21 Sep, 2021 | 23:04
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function in isomedia/stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23851
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.40%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 14:03
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c:513:28, which could cause a denial of service by submitting a malicious jpeg image.

Action-Not Available
Vendor-rockcarryn/a
Product-ffjpegn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-18781
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.57%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-04 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.

Action-Not Available
Vendor-audiofilen/a
Product-audiofilen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23895
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:26
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.

Action-Not Available
Vendor-wildbit-softn/a
Product-wildbit_viewern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23886
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.38% / 58.68%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:25
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree.

Action-Not Available
Vendor-n/aXnView (XnSoft)
Product-xnview_mpn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-23888
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:25
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A User Mode Write AV in Editor!TMethodImplementationIntercept+0x53f6c3 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted psd file.

Action-Not Available
Vendor-wildbit-softn/a
Product-wildbit_viewern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-19469
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 34.46%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 17:10
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been found in function DCTStream::reset in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid write of size 8 .

Action-Not Available
Vendor-flowpapern/a
Product-pdf2jsonn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21599
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.68%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-debian_linuxlibde265n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21529
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.03%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.

Action-Not Available
Vendor-xfig_projectn/aDebian GNU/Linux
Product-fig2devdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21602
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.08%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.

Action-Not Available
Vendor-strukturn/a
Product-libde265n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21594
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.93%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file.

Action-Not Available
Vendor-strukturn/a
Product-libde265n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-19609
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.45% / 62.82%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 14:10
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.

Action-Not Available
Vendor-n/aDebian GNU/LinuxArtifex Software Inc.
Product-debian_linuxmupdfn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21047
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.28%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-07 Oct, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.

Action-Not Available
Vendor-elfutils_projectn/a
Product-elfutilsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21601
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.93%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.

Action-Not Available
Vendor-strukturn/a
Product-libde265n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21687
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.48% / 64.03%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.

Action-Not Available
Vendor-nasmn/a
Product-netwide_assemblern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21603
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.93%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.

Action-Not Available
Vendor-strukturn/a
Product-libde265n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21604
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.93%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file.

Action-Not Available
Vendor-strukturn/a
Product-libde265n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-19475
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 34.46%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 17:11
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been found in function CCITTFaxStream::lookChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid write of size 2 .

Action-Not Available
Vendor-flowpapern/a
Product-pdf2jsonn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21597
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 39.13%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-debian_linuxlibde265n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-19721
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 62.04%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 21:33
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS).

Action-Not Available
Vendor-n/aAxiomatic Systems, LLC
Product-bento4n/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 11
  • 12
  • Next
Details not found