Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-10921

Summary
Assigner-zdi
Assigner Org ID-99f1926a-a320-47d8-bbb5-42feb611262e
Published At-29 Oct, 2025 | 19:29
Updated At-26 Feb, 2026 | 16:56
Rejected At-
Credits

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27803.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:zdi
Assigner Org ID:99f1926a-a320-47d8-bbb5-42feb611262e
Published At:29 Oct, 2025 | 19:29
Updated At:26 Feb, 2026 | 16:56
Rejected At:
â–¼CVE Numbering Authority (CNA)
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27803.

Affected Products
Vendor
GIMPGIMP
Product
GIMP
Default Status
unknown
Versions
Affected
  • 3.0.4
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122: Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122: Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zerodayinitiative.com/advisories/ZDI-25-910/
x_research-advisory
https://gitlab.gnome.org/GNOME/gegl/-/commit/0e68b7471dabf2800d780819c19bd5e6462f565f
vendor-advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-25-910/
Resource:
x_research-advisory
Hyperlink: https://gitlab.gnome.org/GNOME/gegl/-/commit/0e68b7471dabf2800d780819c19bd5e6462f565f
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2025/10/msg00021.html
N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/10/msg00021.html
Resource: N/A
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:zdi-disclosures@trendmicro.com
Published At:29 Oct, 2025 | 20:15
Updated At:04 Nov, 2025 | 17:08

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27803.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
GIMP
gimp
>>gimp>>3.0.4
cpe:2.3:a:gimp:gimp:3.0.4:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-122Secondaryzdi-disclosures@trendmicro.com
CWE-787Primarynvd@nist.gov
CWE ID: CWE-122
Type: Secondary
Source: zdi-disclosures@trendmicro.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gitlab.gnome.org/GNOME/gegl/-/commit/0e68b7471dabf2800d780819c19bd5e6462f565fzdi-disclosures@trendmicro.com
Patch
https://www.zerodayinitiative.com/advisories/ZDI-25-910/zdi-disclosures@trendmicro.com
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00021.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Hyperlink: https://gitlab.gnome.org/GNOME/gegl/-/commit/0e68b7471dabf2800d780819c19bd5e6462f565f
Source: zdi-disclosures@trendmicro.com
Resource:
Patch
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-25-910/
Source: zdi-disclosures@trendmicro.com
Resource:
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/10/msg00021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List

Change History

0
Information is not available yet

Similar CVEs

2030Records found
CVE-2026-2048
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.50%
||
7 Day CHG+0.02%
Published-20 Feb, 2026 | 22:23
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28591.

Action-Not Available
Vendor-GIMP
Product-GIMP
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-2045
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.50%
||
7 Day CHG+0.02%
Published-20 Feb, 2026 | 22:23
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28265.

Action-Not Available
Vendor-GIMP
Product-GIMP
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-2047
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.03%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 22:23
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28530.

Action-Not Available
Vendor-GIMP
Product-GIMP
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-0797
Matching Score-10
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-10
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.34%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 22:10
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28599.

Action-Not Available
Vendor-GIMP
Product-GIMP
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-3872
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.25%
||
7 Day CHG+0.01%
Published-19 Oct, 2021 | 12:30
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3778
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.38% / 58.99%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-NetApp, Inc.Fedora ProjectVimDebian GNU/Linux
Product-ontap_select_deploy_administration_utilityvimdebian_linuxfedoravim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36046
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.35% / 57.17%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 14:31
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP Toolkit SDK TIFF_MemoryReader::SortIFD function Memory Corruption

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-debian_linuxxmp_toolkit_software_development_kitXMP Toolkit
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CVE-2021-36050
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.78% / 73.45%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 14:32
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP Toolkit SDK Heap-based Buffer Overflow Could Lead To Arbitrary Code Execution

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-debian_linuxxmp_toolkit_software_development_kitXMP Toolkit
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-4781
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.78%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 18:32
Updated-03 Nov, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-macosdebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-23947
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.55% / 67.44%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:28
Updated-15 Apr, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-kicadn/aFedora ProjectDebian GNU/Linux
Product-debian_linuxfedorakicad_edaKiCad
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44441
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-11.74% / 93.55%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-04 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DDS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-22093.

Action-Not Available
Vendor-GIMP
Product-gimpGIMPgimp
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-44442
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-58.73% / 98.17%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-04 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Was ZDI-CAN-22094.

Action-Not Available
Vendor-GIMP
Product-gimpGIMPgimp
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2017-6309
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.44% / 62.95%
||
7 Day CHG~0.00%
Published-24 Feb, 2017 | 04:23
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.

Action-Not Available
Vendor-tnef_projectn/aDebian GNU/Linux
Product-debian_linuxtnefn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6307
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.44% / 62.95%
||
7 Day CHG~0.00%
Published-24 Feb, 2017 | 04:23
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.

Action-Not Available
Vendor-tnef_projectn/aDebian GNU/Linux
Product-debian_linuxtnefn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6310
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.35% / 57.26%
||
7 Day CHG~0.00%
Published-24 Feb, 2017 | 04:23
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.

Action-Not Available
Vendor-tnef_projectn/aDebian GNU/Linux
Product-debian_linuxtnefn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6305
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.54%
||
7 Day CHG~0.00%
Published-24 Feb, 2017 | 04:23
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write."

Action-Not Available
Vendor-ytnef_projectn/aDebian GNU/Linux
Product-ytnefdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-17969
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.26% / 86.90%
||
7 Day CHG~0.00%
Published-30 Jan, 2018 | 16:00
Updated-10 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.

Action-Not Available
Vendor-7-zipn/aDebian GNU/Linux
Product-p7zip7-zipdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0770
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.13%
||
7 Day CHG+0.01%
Published-09 Feb, 2023 | 00:00
Updated-02 Aug, 2024 | 05:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in gpac/gpac

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.

Action-Not Available
Vendor-Debian GNU/LinuxGPAC
Product-gpacdebian_linuxgpac/gpac
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-8654
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 16:00
Updated-06 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.

Action-Not Available
Vendor-JasPerDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopjasperjasper
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-14970
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.64% / 70.08%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 18:55
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.

Action-Not Available
Vendor-n/aVideoLANDebian GNU/Linux
Product-vlc_media_playerdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23946
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.75% / 72.83%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:28
Updated-15 Apr, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-kicadn/aFedora ProjectDebian GNU/Linux
Product-debian_linuxfedorakicad_edaKiCad
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23804
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.95% / 76.04%
||
7 Day CHG~0.00%
Published-16 Feb, 2022 | 16:38
Updated-15 Apr, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-kicadn/aFedora ProjectDebian GNU/Linux
Product-edadebian_linuxfedoraKiCad
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-2304
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.80%
||
7 Day CHG~0.00%
Published-05 Jul, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in vim/vim

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxvimvim/vim
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-11221
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 40.07%
||
7 Day CHG~0.00%
Published-12 Apr, 2019 | 19:04
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-gpacdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-2129
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.30%
||
7 Day CHG~0.00%
Published-19 Jun, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Write in vim/vim

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxvimvim/vim
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-1834
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-2.37% / 84.69%
||
7 Day CHG~0.00%
Published-20 May, 2016 | 10:00
Updated-04 Dec, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

Action-Not Available
Vendor-n/aApple Inc.Canonical Ltd.Red Hat, Inc.McAfee, LLCDebian GNU/Linuxlibxml2 (XMLSoft)
Product-libxml2enterprise_linux_server_tusubuntu_linuxwatchosenterprise_linux_server_eusenterprise_linux_workstationweb_gatewayenterprise_linux_server_ausenterprise_linux_desktopmac_os_xenterprise_linux_serverdebian_linuxtvosiphone_osn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-1942
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.83% / 74.18%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectApple Inc.VimDebian GNU/Linux
Product-fedoradebian_linuxvimmacosvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1897
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.53% / 66.61%
||
7 Day CHG~0.00%
Published-27 May, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Write in vim/vim

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectApple Inc.VimDebian GNU/Linux
Product-fedoradebian_linuxvimmacosvim/vim
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-2000
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.75%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Write in vim/vim

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectApple Inc.VimDebian GNU/Linux
Product-fedoradebian_linuxvimmacosvim/vim
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2761
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.45%
||
7 Day CHG~0.00%
Published-23 Apr, 2025 | 16:47
Updated-03 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100.

Action-Not Available
Vendor-GIMP
Product-gimpGIMP
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-10536
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.00% / 76.73%
||
7 Day CHG~0.00%
Published-29 Apr, 2018 | 15:00
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

Action-Not Available
Vendor-wavpackn/aDebian GNU/Linux
Product-debian_linuxwavpackn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7487
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.20% / 41.85%
||
7 Day CHG~0.00%
Published-26 Feb, 2018 | 15:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. A Crafted input will lead to a denial of service or possibly unspecified other impact.

Action-Not Available
Vendor-sam2p_projectn/aDebian GNU/Linux
Product-debian_linuxsam2pn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23803
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-1.28% / 79.35%
||
7 Day CHG~0.00%
Published-16 Feb, 2022 | 16:38
Updated-15 Apr, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-kicadn/aFedora ProjectDebian GNU/Linux
Product-edadebian_linuxfedoraKiCad
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-15059
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.89%
||
7 Day CHG+0.01%
Published-23 Jan, 2026 | 02:49
Updated-26 Feb, 2026 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28232.

Action-Not Available
Vendor-GIMP
Product-gimpGIMP
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-14425
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.68%
||
7 Day CHG~0.00%
Published-23 Dec, 2025 | 21:31
Updated-20 Jan, 2026 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28248.

Action-Not Available
Vendor-GIMP
Product-gimpGIMP
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2018-5345
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.75% / 72.86%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 00:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxThe GNOME ProjectFedora ProjectRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusgcabenterprise_linux_server_ausenterprise_linux_workstationfedoraenterprise_linux_server_tusenterprise_linux_desktopn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-10120
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.50% / 65.47%
||
7 Day CHG~0.00%
Published-15 Apr, 2018 | 16:00
Updated-05 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record.

Action-Not Available
Vendor-libreofficen/aCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_workstationlibreofficeenterprise_linux_desktopn/a
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-10922
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.69%
||
7 Day CHG+0.01%
Published-29 Oct, 2025 | 19:29
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27863.

Action-Not Available
Vendor-Debian GNU/LinuxGIMP
Product-debian_linuxgimpGIMP
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-10920
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.07%
||
7 Day CHG+0.01%
Published-29 Oct, 2025 | 19:29
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27684.

Action-Not Available
Vendor-GIMP
Product-gimpGIMP
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20763
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.37%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 23:00
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GPAC
Product-gpacubuntu_linuxdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20760
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.37%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 23:00
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GPAC
Product-gpacubuntu_linuxdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-10925
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.51%
||
7 Day CHG+0.01%
Published-29 Oct, 2025 | 19:29
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ILBM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27793.

Action-Not Available
Vendor-GIMP
Product-gimpGIMP
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-10934
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.92%
||
7 Day CHG+0.04%
Published-29 Oct, 2025 | 19:58
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27823.

Action-Not Available
Vendor-Debian GNU/LinuxGIMP
Product-debian_linuxgimpGIMP
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2018-19490
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.53%
||
7 Day CHG~0.00%
Published-23 Nov, 2018 | 17:00
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.

Action-Not Available
Vendor-gnuplotn/aDebian GNU/LinuxopenSUSE
Product-debian_linuxgnuplotleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3324
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.25%
||
7 Day CHG~0.00%
Published-27 Sep, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in vim/vim

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxvimvim/vim
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3234
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.85%
||
7 Day CHG+0.01%
Published-17 Sep, 2022 | 00:00
Updated-03 Aug, 2024 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.

Action-Not Available
Vendor-Fedora ProjectVimDebian GNU/Linux
Product-vimdebian_linuxfedoravim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-2044
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.66%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 22:23
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability

GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PGM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28158.

Action-Not Available
Vendor-GIMP
Product-GIMP
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2018-1000637
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.40% / 60.21%
||
7 Day CHG~0.00%
Published-20 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 12:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2.

Action-Not Available
Vendor-nongnun/aDebian GNU/Linux
Product-debian_linuxzutilsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-19492
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.53%
||
7 Day CHG~0.00%
Published-23 Nov, 2018 | 17:00
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.

Action-Not Available
Vendor-gnuplotn/aDebian GNU/LinuxopenSUSE
Product-debian_linuxgnuplotleapn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-19216
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.95%
||
7 Day CHG~0.00%
Published-12 Nov, 2018 | 19:00
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.

Action-Not Available
Vendor-nasmn/aDebian GNU/Linux
Product-debian_linuxnetwide_assemblern/a
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 40
  • 41
  • Next
Details not found