Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-3324

Summary
Assigner-@huntrdev
Assigner Org ID-c09c270a-b464-47c1-9133-acb35b22c19a
Published At-27 Sep, 2022 | 00:00
Updated At-03 Nov, 2025 | 20:34
Rejected At-
Credits

Stack-based Buffer Overflow in vim/vim

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:@huntrdev
Assigner Org ID:c09c270a-b464-47c1-9133-acb35b22c19a
Published At:27 Sep, 2022 | 00:00
Updated At:03 Nov, 2025 | 20:34
Rejected At:
▼CVE Numbering Authority (CNA)
Stack-based Buffer Overflow in vim/vim

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.

Affected Products
Vendor
Vimvim
Product
vim/vim
Versions
Affected
  • From unspecified before 9.0.0598 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c
N/A
https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/
vendor-advisory
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
mailing-list
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/
vendor-advisory
https://security.gentoo.org/glsa/202305-16
vendor-advisory
Hyperlink: https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c
Resource: N/A
Hyperlink: https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/
Resource:
vendor-advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/
Resource:
vendor-advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
Resource:
mailing-list
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/
Resource:
vendor-advisory
Hyperlink: https://security.gentoo.org/glsa/202305-16
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c
x_transferred
https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/
vendor-advisory
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/
vendor-advisory
x_transferred
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
mailing-list
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/
vendor-advisory
x_transferred
https://security.gentoo.org/glsa/202305-16
vendor-advisory
x_transferred
https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html
N/A
Hyperlink: https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c
Resource:
x_transferred
Hyperlink: https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/
Resource:
vendor-advisory
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/
Resource:
vendor-advisory
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
Resource:
mailing-list
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/
Resource:
vendor-advisory
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202305-16
Resource:
vendor-advisory
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html
Resource: N/A
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@huntr.dev
Published At:27 Sep, 2022 | 23:15
Updated At:03 Nov, 2025 | 21:15

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Vim
vim
>>vim>>Versions before 9.0.0598(exclusive)
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>35
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>36
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>37
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-121Secondarysecurity@huntr.dev
CWE-787Secondarynvd@nist.gov
CWE ID: CWE-121
Type: Secondary
Source: security@huntr.dev
CWE ID: CWE-787
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfebsecurity@huntr.dev
Patch
Third Party Advisory
https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403csecurity@huntr.dev
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.htmlsecurity@huntr.dev
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/security@huntr.dev
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/security@huntr.dev
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/security@huntr.dev
N/A
https://security.gentoo.org/glsa/202305-16security@huntr.dev
N/A
https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfebaf854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403caf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/03/msg00023.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/202305-16af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb
Source: security@huntr.dev
Resource:
Patch
Third Party Advisory
Hyperlink: https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c
Source: security@huntr.dev
Resource:
Exploit
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
Source: security@huntr.dev
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/
Source: security@huntr.dev
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/
Source: security@huntr.dev
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/
Source: security@huntr.dev
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202305-16
Source: security@huntr.dev
Resource: N/A
Hyperlink: https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202305-16
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4624Records found
CVE-2021-45911
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 54.58%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 00:01
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.

Action-Not Available
Vendor-gif2apng_projectn/aDebian GNU/Linux
Product-gif2apngdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42532
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.51% / 66.80%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 22:24
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-debian_linuxxmp_toolkit_software_development_kitXMP Toolkit
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-42529
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.44% / 63.56%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 22:24
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-debian_linuxxmp_toolkit_software_development_kitXMP Toolkit
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42530
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.44% / 63.56%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 22:24
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-debian_linuxxmp_toolkit_software_development_kitXMP Toolkit
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-4019
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.61%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 00:00
Updated-29 May, 2026 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-neovimVimDebian GNU/LinuxFedora Project
Product-neovimvimdebian_linuxfedoravim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3984
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.18% / 39.21%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-Fedora ProjectVimDebian GNU/Linux
Product-vimdebian_linuxfedoravim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-4738
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.68%
||
7 Day CHG~0.00%
Published-02 Sep, 2023 | 19:39
Updated-03 Nov, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.

Action-Not Available
Vendor-VimApple Inc.
Product-macosvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3875
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.47% / 65.00%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 13:40
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3973
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.36% / 58.56%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 11:35
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-Fedora ProjectVimDebian GNU/Linux
Product-vimdebian_linuxfedoravim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3927
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.25% / 49.09%
||
7 Day CHG~0.00%
Published-05 Nov, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-Fedora ProjectVimDebian GNU/Linux
Product-vimdebian_linuxfedoravim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3778
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.39% / 60.28%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-NetApp, Inc.Fedora ProjectVimDebian GNU/Linux
Product-ontap_select_deploy_administration_utilityvimdebian_linuxfedoravim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7487
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.05%
||
7 Day CHG~0.00%
Published-26 Feb, 2018 | 15:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. A Crafted input will lead to a denial of service or possibly unspecified other impact.

Action-Not Available
Vendor-sam2p_projectn/aDebian GNU/Linux
Product-debian_linuxsam2pn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36046
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.35% / 58.10%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 14:31
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP Toolkit SDK TIFF_MemoryReader::SortIFD function Memory Corruption

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-debian_linuxxmp_toolkit_software_development_kitXMP Toolkit
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CVE-2018-20196
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 58.42%
||
7 Day CHG~0.00%
Published-18 Dec, 2018 | 01:00
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.

Action-Not Available
Vendor-audiocodingn/aDebian GNU/Linux
Product-freeware_advanced_audio_decoder_2debian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20763
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 56.03%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 23:00
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GPAC
Product-gpacubuntu_linuxdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3575
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.33% / 56.43%
||
7 Day CHG~0.00%
Published-04 Mar, 2022 | 17:20
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.

Action-Not Available
Vendor-uclouvainn/aFedora ProjectRed Hat, Inc.
Product-fedoraopenjpegenterprise_linuxOpenJPEG
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-19490
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.22% / 45.08%
||
7 Day CHG~0.00%
Published-23 Nov, 2018 | 17:00
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.

Action-Not Available
Vendor-gnuplotn/aDebian GNU/LinuxopenSUSE
Product-debian_linuxgnuplotleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36052
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.93% / 86.77%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 14:32
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMPToolkit SDK ImportTIFF_CheckStandardMapping Memory Corruption

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-debian_linuxxmp_toolkit_software_development_kitXMP Toolkit
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CVE-2021-3500
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.46%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 18:02
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences.

Action-Not Available
Vendor-djvulibre_projectn/aDebian GNU/Linux
Product-djvulibredebian_linuxdjvulibre
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3404
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-2.36% / 85.32%
||
7 Day CHG~0.00%
Published-04 Mar, 2021 | 21:10
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.

Action-Not Available
Vendor-ytnef_projectn/aRed Hat, Inc.Fedora Project
Product-fedoraytnefenterprise_linuxytnef
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0770
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.61%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-02 Aug, 2024 | 05:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in gpac/gpac

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.

Action-Not Available
Vendor-Debian GNU/LinuxGPAC
Product-gpacdebian_linuxgpac/gpac
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-10536
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.96% / 77.01%
||
7 Day CHG~0.00%
Published-29 Apr, 2018 | 15:00
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

Action-Not Available
Vendor-wavpackn/aDebian GNU/Linux
Product-debian_linuxwavpackn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-10120
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.50% / 66.45%
||
7 Day CHG~0.00%
Published-15 Apr, 2018 | 16:00
Updated-05 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record.

Action-Not Available
Vendor-libreofficen/aCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_workstationlibreofficeenterprise_linux_desktopn/a
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-12608
Matching Score-10
Assigner-Apache Software Foundation
ShareView Details
Matching Score-10
Assigner-Apache Software Foundation
CVSS Score-7.8||HIGH
EPSS-1.15% / 78.98%
||
7 Day CHG~0.00%
Published-20 Nov, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Debian GNU/LinuxThe Apache Software Foundation
Product-debian_linuxopenofficeApache OpenOffice
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32490
Matching Score-10
Assigner-Fedora Project
ShareView Details
Matching Score-10
Assigner-Fedora Project
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.22%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 18:18
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences.

Action-Not Available
Vendor-djvulibre_projectn/aDebian GNU/Linux
Product-djvulibredebian_linuxdjvulibre
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32493
Matching Score-10
Assigner-Fedora Project
ShareView Details
Matching Score-10
Assigner-Fedora Project
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.46%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 18:24
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.

Action-Not Available
Vendor-djvulibre_projectn/aDebian GNU/Linux
Product-djvulibredebian_linuxdjvulibre
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32272
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 51.37%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:26
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution.

Action-Not Available
Vendor-faad2_projectn/aDebian GNU/Linux
Product-debian_linuxfaad2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32273
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.16%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:26
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution.

Action-Not Available
Vendor-faad2_projectn/aDebian GNU/Linux
Product-debian_linuxfaad2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0054
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.02% / 7.27%
||
7 Day CHG~0.00%
Published-04 Jan, 2023 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Write in vim/vim

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.

Action-Not Available
Vendor-Vim
Product-vimvim/vim
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32278
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.47%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:26
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution.

Action-Not Available
Vendor-faad2_projectn/aDebian GNU/Linux
Product-debian_linuxfaad2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-36430
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 54.81%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 06:47
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.

Action-Not Available
Vendor-libass_projectn/aFedora Project
Product-libassfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30846
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.42% / 62.40%
||
7 Day CHG~0.00%
Published-19 Oct, 2021 | 13:11
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectApple Inc.
Product-iphone_osdebian_linuxipadostvoswatchossafarifedoramacostvOSSafariwatchOSiOS and iPadOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39832
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.14%
||
7 Day CHG~0.00%
Published-05 Sep, 2022 | 04:12
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Action-Not Available
Vendor-n/aGNUFedora Project
Product-fedorapsppn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39831
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.14%
||
7 Day CHG~0.00%
Published-05 Sep, 2022 | 04:12
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230.

Action-Not Available
Vendor-n/aGNUFedora Project
Product-fedorapsppn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37047
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.75%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940.

Action-Not Available
Vendor-n/aFedora ProjectBroadcom Inc.
Product-tcpreplayfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3491
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4||MEDIUM
EPSS-0.02% / 6.21%
||
7 Day CHG~0.00%
Published-03 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.

Action-Not Available
Vendor-Vim
Product-vimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2862
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-4.56% / 89.48%
||
7 Day CHG~0.00%
Published-05 Sep, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxThe GNOME Project
Product-gdk-pixbufdebian_linuxGdk-Pixbuf
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30499
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.07%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 23:50
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences.

Action-Not Available
Vendor-libcaca_projectn/aFedora Project
Product-fedoralibcacalibcaca
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-26664
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.46%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 17:40
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.

Action-Not Available
Vendor-n/aVideoLANDebian GNU/Linux
Product-vlc_media_playerdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6309
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.44% / 63.87%
||
7 Day CHG~0.00%
Published-24 Feb, 2017 | 04:23
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.

Action-Not Available
Vendor-tnef_projectn/aDebian GNU/Linux
Product-tnefdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6305
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 56.49%
||
7 Day CHG~0.00%
Published-24 Feb, 2017 | 04:23
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write."

Action-Not Available
Vendor-ytnef_projectn/aDebian GNU/Linux
Product-ytnefdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23947
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.31% / 54.73%
||
7 Day CHG-0.47%
Published-04 Feb, 2022 | 22:28
Updated-15 Apr, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-kicadn/aFedora ProjectDebian GNU/Linux
Product-debian_linuxfedorakicad_edaKiCad
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30498
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.04%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 00:00
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences.

Action-Not Available
Vendor-libcaca_projectn/aFedora Project
Product-fedoralibcacalibcaca
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23946
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.31% / 54.73%
||
7 Day CHG-0.22%
Published-04 Feb, 2022 | 22:28
Updated-15 Apr, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-kicadn/aFedora ProjectDebian GNU/Linux
Product-debian_linuxfedorakicad_edaKiCad
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6060
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.56% / 85.87%
||
7 Day CHG~0.00%
Published-15 Mar, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.

Action-Not Available
Vendor-n/aDebian GNU/LinuxArtifex Software Inc.
Product-debian_linuxmupdfn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23803
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.41% / 62.18%
||
7 Day CHG-0.17%
Published-16 Feb, 2022 | 16:38
Updated-15 Apr, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-kicadn/aFedora ProjectDebian GNU/Linux
Product-edadebian_linuxfedoraKiCad
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6307
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.44% / 63.87%
||
7 Day CHG~0.00%
Published-24 Feb, 2017 | 04:23
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.

Action-Not Available
Vendor-tnef_projectn/aDebian GNU/Linux
Product-tnefdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6310
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.35% / 58.18%
||
7 Day CHG~0.00%
Published-24 Feb, 2017 | 04:23
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.

Action-Not Available
Vendor-tnef_projectn/aDebian GNU/Linux
Product-tnefdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23804
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.47% / 65.24%
||
7 Day CHG-0.20%
Published-16 Feb, 2022 | 16:38
Updated-15 Apr, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-kicadn/aFedora ProjectDebian GNU/Linux
Product-edadebian_linuxfedoraKiCad
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5510
Matching Score-10
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-10
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-0.26% / 50.04%
||
7 Day CHG~0.00%
Published-24 Mar, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 92
  • 93
  • Next
Details not found