Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-0801

Summary
Assigner-GitLab
Assigner Org ID-ceab7361-8a18-47b1-92ba-4d7d25f6715a
Published At-13 Feb, 2023 | 00:00
Updated At-21 Mar, 2025 | 19:00
Rejected At-
Credits

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitLab
Assigner Org ID:ceab7361-8a18-47b1-92ba-4d7d25f6715a
Published At:13 Feb, 2023 | 00:00
Updated At:21 Mar, 2025 | 19:00
Rejected At:
▼CVE Numbering Authority (CNA)

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

Affected Products
Vendor
LibTIFFlibtiff
Product
libtiff
Versions
Affected
  • <=4.4.0
Problem Types
TypeCWE IDDescription
textN/AOut-of-bounds write in libtiff
Type: text
CWE ID: N/A
Description: Out-of-bounds write in libtiff
Metrics
VersionBase scoreBase severityVector
3.16.8MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Version: 3.1
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
wangdw.augustus@gmail.com
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
N/A
https://gitlab.com/libtiff/libtiff/-/issues/498
N/A
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json
N/A
https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html
mailing-list
https://www.debian.org/security/2023/dsa-5361
vendor-advisory
https://security.netapp.com/advisory/ntap-20230316-0002/
N/A
https://security.gentoo.org/glsa/202305-31
vendor-advisory
Hyperlink: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
Resource: N/A
Hyperlink: https://gitlab.com/libtiff/libtiff/-/issues/498
Resource: N/A
Hyperlink: https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html
Resource:
mailing-list
Hyperlink: https://www.debian.org/security/2023/dsa-5361
Resource:
vendor-advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20230316-0002/
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202305-31
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
x_transferred
https://gitlab.com/libtiff/libtiff/-/issues/498
x_transferred
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json
x_transferred
https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html
mailing-list
x_transferred
https://www.debian.org/security/2023/dsa-5361
vendor-advisory
x_transferred
https://security.netapp.com/advisory/ntap-20230316-0002/
x_transferred
https://security.gentoo.org/glsa/202305-31
vendor-advisory
x_transferred
Hyperlink: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
Resource:
x_transferred
Hyperlink: https://gitlab.com/libtiff/libtiff/-/issues/498
Resource:
x_transferred
Hyperlink: https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html
Resource:
mailing-list
x_transferred
Hyperlink: https://www.debian.org/security/2023/dsa-5361
Resource:
vendor-advisory
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20230316-0002/
Resource:
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202305-31
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@gitlab.com
Published At:13 Feb, 2023 | 23:15
Updated At:21 Mar, 2025 | 19:15

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.8MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CPE Matches
LibTIFF
libtiff
>>libtiff>>Versions up to 4.4.0(inclusive)
cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-787Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.jsoncve@gitlab.com
VDB Entry
https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00cve@gitlab.com
Patch
https://gitlab.com/libtiff/libtiff/-/issues/498cve@gitlab.com
Exploit
Issue Tracking
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00026.htmlcve@gitlab.com
N/A
https://security.gentoo.org/glsa/202305-31cve@gitlab.com
N/A
https://security.netapp.com/advisory/ntap-20230316-0002/cve@gitlab.com
N/A
https://www.debian.org/security/2023/dsa-5361cve@gitlab.com
N/A
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.jsonaf854a3a-2127-422b-91ae-364da2661108
VDB Entry
https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00af854a3a-2127-422b-91ae-364da2661108
Patch
https://gitlab.com/libtiff/libtiff/-/issues/498af854a3a-2127-422b-91ae-364da2661108
Exploit
Issue Tracking
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00026.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/202305-31af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.netapp.com/advisory/ntap-20230316-0002/af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.debian.org/security/2023/dsa-5361af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json
Source: cve@gitlab.com
Resource:
VDB Entry
Hyperlink: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
Source: cve@gitlab.com
Resource:
Patch
Hyperlink: https://gitlab.com/libtiff/libtiff/-/issues/498
Source: cve@gitlab.com
Resource:
Exploit
Issue Tracking
Patch
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html
Source: cve@gitlab.com
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202305-31
Source: cve@gitlab.com
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20230316-0002/
Source: cve@gitlab.com
Resource: N/A
Hyperlink: https://www.debian.org/security/2023/dsa-5361
Source: cve@gitlab.com
Resource: N/A
Hyperlink: https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
VDB Entry
Hyperlink: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://gitlab.com/libtiff/libtiff/-/issues/498
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Issue Tracking
Patch
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202305-31
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20230316-0002/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.debian.org/security/2023/dsa-5361
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

416Records found
CVE-2023-27249
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.24%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-35530
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.68%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 17:52
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.

Action-Not Available
Vendor-librawn/aDebian GNU/Linux
Product-librawdebian_linuxLibRaw
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47086
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.64%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-45587
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.53%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 00:00
Updated-19 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.

Action-Not Available
Vendor-xpdfreadern/a
Product-xpdfn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-45586
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.53%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 00:00
Updated-19 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service.

Action-Not Available
Vendor-xpdfreadern/a
Product-xpdfn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-5310
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-5.5||MEDIUM
EPSS-9.34% / 92.44%
||
7 Day CHG~0.00%
Published-14 Apr, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.

Action-Not Available
Vendor-n/aSymantec CorporationBroadcom Inc.
Product-messaging_gateway_for_service_providersendpoint_protectionendpoint_protection_for_small_businessprotection_engineprotection_for_sharepoint_serversadvanced_threat_protectionsymantec_data_center_security_serveremail_security.cloudendpoint_protection_cloudmail_security_for_dominoweb_gatewayweb_security.cloudcsapimail_security_for_microsoft_exchangemessaging_gatewayn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-24246
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.79%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 00:00
Updated-09 Aug, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.

Action-Not Available
Vendor-qpdf_projectn/aqpdf_projectFedora Project
Product-qpdffedoran/aqpdffedora
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44314
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.11%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall.

Action-Not Available
Vendor-picoc_projectn/a
Product-picocn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44318
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.59%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib/string.c when called from ExpressionParseFunctionCall.

Action-Not Available
Vendor-picoc_projectn/a
Product-picocn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44315
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.11%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall.

Action-Not Available
Vendor-picoc_projectn/a
Product-picocn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44874
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 4.92%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component op_CallIndirect at /m3_exec.h.

Action-Not Available
Vendor-wasm3_projectn/a
Product-wasm3n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44320
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.11%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceFP function in expression.c when called from ExpressionParseFunctionCall.

Action-Not Available
Vendor-picoc_projectn/a
Product-picocn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44317
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.11%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.

Action-Not Available
Vendor-picoc_projectn/a
Product-picocn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44316
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.11%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexGetStringConstant function in lex.c when called from LexScanGetToken.

Action-Not Available
Vendor-picoc_projectn/a
Product-picocn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44312
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.59%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator.

Action-Not Available
Vendor-picoc_projectn/a
Product-picocn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44319
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.11%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioBasePrintf function in cstdlib/string.c when called from ExpressionParseFunctionCall.

Action-Not Available
Vendor-picoc_projectn/a
Product-picocn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43152
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.47%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 00:00
Updated-06 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tsMuxer v2.6.16 was discovered to contain a heap overflow via the function BitStreamWriter::flushBits() at /tsMuxer/bitStream.h.

Action-Not Available
Vendor-tsmuxer_projectn/a
Product-tsmuxern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43044
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.27%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-09 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43071
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.17%
||
7 Day CHG~0.00%
Published-15 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

Action-Not Available
Vendor-xpdfreadern/a
Product-xpdfn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43148
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.47%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 00:00
Updated-06 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rtf2html v0.2.0 was discovered to contain a heap overflow in the component /rtf2html/./rtf_tools.h.

Action-Not Available
Vendor-rtf2html_projectn/a
Product-rtf2htmln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43045
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.66%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-09 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43039
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.92%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-08 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41842
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 49.99%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 04:21
Updated-20 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.

Action-Not Available
Vendor-xpdfreadern/a
Product-xpdfn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41844
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.20%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 04:21
Updated-20 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.

Action-Not Available
Vendor-xpdfreadern/a
Product-xpdfn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41420
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.09%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 13:51
Updated-03 Aug, 2024 | 12:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component

Action-Not Available
Vendor-nasmn/a
Product-netwide_assemblern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40103
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.38%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:54
Updated-22 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i9_firmwarei9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40363
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.14%
||
7 Day CHG~0.00%
Published-29 Sep, 2022 | 12:16
Updated-21 May, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Zero before v0.65.2 allows attackers to cause a Denial of Service (DoS) via a crafted NFC file.

Action-Not Available
Vendor-flipperzeron/a
Product-flipper_zero_firmwareflipper_zeron/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-13096
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.60% / 68.61%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 05:00
Updated-05 Aug, 2024 | 08:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSEDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kernelleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-38866
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.70%
||
7 Day CHG~0.00%
Published-15 Sep, 2022 | 00:00
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c . This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.

Action-Not Available
Vendor-mplayerhqn/aDebian GNU/Linux
Product-mplayerdebian_linuxmencodern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38750
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.07%
||
7 Day CHG~0.00%
Published-05 Sep, 2022 | 00:00
Updated-20 Nov, 2024 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS in SnakeYAML

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

Action-Not Available
Vendor-snakeyaml_projectsnakeyamlDebian GNU/Linux
Product-debian_linuxsnakeyamlSnakeYAML
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38864
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-15 Sep, 2022 | 00:00
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1.

Action-Not Available
Vendor-mplayerhqn/aDebian GNU/Linux
Product-mplayerdebian_linuxmencodern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36191
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.62%
||
7 Day CHG~0.00%
Published-17 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.67%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 20:13
Updated-03 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tifig v0.2.2 was discovered to contain a heap-buffer overflow via __asan_memmove at /asan/asan_interceptors_memintrinsics.cpp.

Action-Not Available
Vendor-monostreamn/a
Product-tifign/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35092
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.36%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 17:10
Updated-22 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via convert_gfxline at /gfxpoly/convert.c.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35113
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.63%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 20:12
Updated-03 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via swf_DefineLosslessBitsTagToImage at /modules/swfbits.c.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35109
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.82%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 20:12
Updated-03 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35098
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.97%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 17:11
Updated-22 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via GfxICCBasedColorSpace::getDefaultColor(GfxColor*) at /xpdf/GfxState.cc.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35090
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.60%
||
7 Day CHG~0.00%
Published-20 Sep, 2022 | 23:56
Updated-28 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via __asan_memcpy at /asan/asan_interceptors_memintrinsics.cpp:.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34502
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 34.99%
||
7 Day CHG~0.00%
Published-22 Jul, 2022 | 14:17
Updated-03 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35016
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.56%
||
7 Day CHG~0.00%
Published-29 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Advancecomp v2.3 was discovered to contain a heap buffer overflow.

Action-Not Available
Vendor-advancemamen/aFedora Project
Product-fedoraadvancecompn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35099
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.97%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 17:11
Updated-22 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35080
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.60%
||
7 Day CHG~0.00%
Published-13 Oct, 2022 | 00:00
Updated-15 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35096
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.97%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 17:11
Updated-23 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35104
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.67%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 20:12
Updated-03 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::reset() at /xpdf/Stream.cc.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35086
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.27%
||
7 Day CHG~0.00%
Published-20 Sep, 2022 | 23:56
Updated-28 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35081
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.60%
||
7 Day CHG~0.00%
Published-13 Oct, 2022 | 00:00
Updated-15 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_read_header at /src/png2swf.c.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35097
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.36%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 17:11
Updated-22 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::writeTTF at /xpdf/FoFiTrueType.cc.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35101
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.65%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 20:12
Updated-03 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memset-vec-unaligned-erms.S.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35015
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.56%
||
7 Day CHG~0.00%
Published-29 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h.

Action-Not Available
Vendor-advancemamen/aFedora Project
Product-fedoraadvancecompn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35095
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.36%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 17:11
Updated-23 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • Next
Details not found