Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-30417

Summary
Assigner-NI
Assigner Org ID-bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4
Published At-15 May, 2025 | 16:18
Updated At-15 May, 2025 | 18:38
Rejected At-
Credits

Out of Bounds Write in Library!DecodeBase64() in NI Circuit Design Suite

There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:NI
Assigner Org ID:bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4
Published At:15 May, 2025 | 16:18
Updated At:15 May, 2025 | 18:38
Rejected At:
▼CVE Numbering Authority (CNA)
Out of Bounds Write in Library!DecodeBase64() in NI Circuit Design Suite

There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.

Affected Products
Vendor
NI
Product
Circuit Design Suite
Default Status
unaffected
Versions
Affected
  • From 0 through 14.3.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Michael Heinzl working with CISA
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-vulnerabilities-in-ni-circuit-design-suite.html
N/A
Hyperlink: https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-vulnerabilities-in-ni-circuit-design-suite.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@ni.com
Published At:15 May, 2025 | 17:15
Updated At:20 May, 2025 | 15:52

There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
ni
ni
>>circuit_design_suite>>Versions before 14.3.1(exclusive)
cpe:2.3:a:ni:circuit_design_suite:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Secondarysecurity@ni.com
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: security@ni.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-vulnerabilities-in-ni-circuit-design-suite.htmlsecurity@ni.com
Vendor Advisory
Hyperlink: https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-vulnerabilities-in-ni-circuit-design-suite.html
Source: security@ni.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2456Records found
CVE-2025-30421
Matching Score-10
Assigner-National Instruments
ShareView Details
Matching Score-10
Assigner-National Instruments
CVSS Score-8.5||HIGH
EPSS-0.02% / 3.58%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 16:32
Updated-20 May, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in DrObjectStorage::XML_Serialize() in NI Circuit Design Suite

There is a memory corruption vulnerability due to a stack-based buffer overflow in DrObjectStorage::XML_Serialize() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.

Action-Not Available
Vendor-niNI
Product-circuit_design_suiteCircuit Design Suite
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-30418
Matching Score-10
Assigner-National Instruments
ShareView Details
Matching Score-10
Assigner-National Instruments
CVSS Score-8.5||HIGH
EPSS-0.03% / 5.25%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 16:25
Updated-20 May, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of Bounds Write in CheckPins() in NI Circuit Design Suite

There is a memory corruption vulnerability due to an out of bounds write in CheckPins() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.

Action-Not Available
Vendor-niNI
Product-circuit_design_suiteCircuit Design Suite
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2631
Matching Score-10
Assigner-National Instruments
ShareView Details
Matching Score-10
Assigner-National Instruments
CVSS Score-8.5||HIGH
EPSS-0.03% / 6.36%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 19:10
Updated-18 Aug, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of Bounds Write Vulnerability in NI LabVIEW in InitCPUInformation()

Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2632
Matching Score-10
Assigner-National Instruments
ShareView Details
Matching Score-10
Assigner-National Instruments
CVSS Score-8.5||HIGH
EPSS-0.03% / 6.36%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 19:14
Updated-18 Aug, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of Bounds Write Vulnerability in NI LabVIEW reading CPU info from cache

Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4080
Matching Score-10
Assigner-National Instruments
ShareView Details
Matching Score-10
Assigner-National Instruments
CVSS Score-8.4||HIGH
EPSS-0.01% / 1.17%
||
7 Day CHG~0.00%
Published-23 Jul, 2024 | 13:29
Updated-01 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Corruption Due to Improper Length Checks in LabVIEW tdcore.dll

A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

Action-Not Available
Vendor-niNIni
Product-labviewLabVIEWlabview
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4081
Matching Score-10
Assigner-National Instruments
ShareView Details
Matching Score-10
Assigner-National Instruments
CVSS Score-8.4||HIGH
EPSS-0.01% / 1.17%
||
7 Day CHG~0.00%
Published-23 Jul, 2024 | 13:32
Updated-01 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Corruption Due to Improper Length Check in NI LabVIEW

A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects NI LabVIEW 2024 Q1 and prior versions.

Action-Not Available
Vendor-niNIni
Product-labviewLabVIEWlabview
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-7849
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-8.5||HIGH
EPSS-0.05% / 13.30%
||
7 Day CHG+0.02%
Published-29 Jul, 2025 | 21:27
Updated-19 Aug, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Corruption Issue in NI LabVIEW due to improper error handling

A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CVE-2025-7848
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-8.5||HIGH
EPSS-0.05% / 13.30%
||
7 Day CHG+0.02%
Published-29 Jul, 2025 | 21:24
Updated-19 Aug, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing input check in lvpict.cpp used in NI LabVIEW

A memory corruption vulnerability due to improper input validation in lvpict.cpp exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CVE-2025-7361
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-8.5||HIGH
EPSS-0.03% / 5.15%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 21:19
Updated-19 Aug, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code Injection Vulnerability in NI LabVIEW when using CIN nodes

A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vulnerability affects 32-bit NI LabVIEW 2025 Q1 and prior versions. LabVIEW 64-bit versions do not support CIN nodes and are not affected.

Action-Not Available
Vendor-niNIMicrosoft Corporation
Product-labviewwindowsLabVIEW
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-12740
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-7||HIGH
EPSS-0.02% / 3.62%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 17:17
Updated-27 Jan, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dependency on Vulnerable Third-Party Component exposes Vulnerabilities in NI Vision Software

Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file.

Action-Not Available
Vendor-NI
Product-Vision Development ModuleNI-IMAQdxFlexRIOData Record ADFRC Game ToolsVision Builder for Automated InspectionVision Acquisition Software
CWE ID-CWE-1395
Dependency on Vulnerable Third-Party Component
CVE-2024-12741
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-8.4||HIGH
EPSS-1.25% / 78.48%
||
7 Day CHG+0.05%
Published-18 Dec, 2024 | 19:20
Updated-06 Mar, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deserialization Of Untrusted Data Vulnerability In NI DAQExpress Project File

A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress 5.1 and prior versions.  Please note that DAQExpress is an EOL product and will not receive any updates.

Action-Not Available
Vendor-NI
Product-DAQExpress
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-12742
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-8.4||HIGH
EPSS-0.29% / 52.00%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 16:27
Updated-06 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deserialization of Untrusted Data Vulnerability in NI G Web Development Software

A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution.  Successful exploitation requires an attacker to get a user to open a specially crafted project file.  This vulnerability affects G Web Development Software 2022 Q3 and prior versions.

Action-Not Available
Vendor-NI
Product-G Web Development Software
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-10496
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-8.4||HIGH
EPSS-0.04% / 9.44%
||
7 Day CHG-0.00%
Published-10 Dec, 2024 | 15:55
Updated-04 Mar, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of bounds read in BuildFontMap in fontmgr.cpp in NI LabVIEW

An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CVE-2024-10494
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-8.4||HIGH
EPSS-0.04% / 9.44%
||
7 Day CHG-0.00%
Published-10 Dec, 2024 | 15:49
Updated-04 Mar, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of bounds read in HeapObjMapImpl.cpp in NI LabVIEW

An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CVE-2025-30419
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-8.5||HIGH
EPSS-0.02% / 3.58%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 16:27
Updated-20 May, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of Bounds Read in GetSymbolBorderRectSize() in NI Circuit Design Suite

There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.

Action-Not Available
Vendor-niNI
Product-circuit_design_suiteCircuit Design Suite
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-30420
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-8.5||HIGH
EPSS-0.02% / 3.58%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 16:29
Updated-20 May, 2025 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of Bounds Read in Bitmap::InternalDraw() in NI Circuit Design Suite

There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.

Action-Not Available
Vendor-niNI
Product-circuit_design_suiteCircuit Design Suite
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-2630
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-7||HIGH
EPSS-0.03% / 6.47%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 18:50
Updated-18 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Hijacking Vulnerability in NI LabVIEW

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-2633
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-7.3||HIGH
EPSS-0.04% / 9.50%
||
7 Day CHG+0.01%
Published-23 Jul, 2025 | 15:49
Updated-19 Aug, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of Bounds Read Vulnerability in NI LabVIEW when loading fonts

Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CVE-2025-2634
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-7.3||HIGH
EPSS-0.04% / 9.50%
||
7 Day CHG+0.01%
Published-23 Jul, 2025 | 15:53
Updated-19 Aug, 2025 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of Bounds Read Vulnerability in NI LabVIEW when building font map

Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CVE-2025-2629
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-7||HIGH
EPSS-0.03% / 6.47%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 18:45
Updated-18 Aug, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Hijacking Vulnerability in NI LabVIEW When Loading NI Error Reporting

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-10495
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-8.4||HIGH
EPSS-0.04% / 9.44%
||
7 Day CHG-0.00%
Published-10 Dec, 2024 | 15:52
Updated-04 Mar, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of bounds read when loading the font table in fontmgr.cpp in NI LabVIEW

An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CVE-2024-6791
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.34%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 20:38
Updated-17 Sep, 2024 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Directory Path Traversal Vulnerability in NI VeriStand with vsmodel Files

A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnerability affects VeriStand 2024 Q2 and prior versions.

Action-Not Available
Vendor-niNIni
Product-veristandVeriStandveristand
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-5602
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.39%
||
7 Day CHG~0.00%
Published-23 Jul, 2024 | 13:15
Updated-01 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow Vulnerability in NI I/O Trace Tool

A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file. The NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products.  Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy.

Action-Not Available
Vendor-NIni
Product-IO Trace Toolsystem_configuration
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-4079
Matching Score-8
Assigner-National Instruments
ShareView Details
Matching Score-8
Assigner-National Instruments
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.17%
||
7 Day CHG~0.00%
Published-23 Jul, 2024 | 13:19
Updated-01 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of Bounds Read Due to Missing Bounds Check in LabVIEW

An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

Action-Not Available
Vendor-niNIni
Product-labviewLabVIEWlabview
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23610
Matching Score-6
Assigner-National Instruments
ShareView Details
Matching Score-6
Assigner-National Instruments
CVSS Score-7.8||HIGH
EPSS-1.44% / 79.92%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 15:12
Updated-27 Feb, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of Bounds Write Due to Missing Bounds Check in LabVIEW

An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

Action-Not Available
Vendor-niNIni
Product-labviewLabVIEWlabview
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23611
Matching Score-6
Assigner-National Instruments
ShareView Details
Matching Score-6
Assigner-National Instruments
CVSS Score-7.8||HIGH
EPSS-1.07% / 76.78%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 15:14
Updated-27 Feb, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of Bounds Write Due to Missing Bounds Check in LabVIEW

An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

Action-Not Available
Vendor-niNIni
Product-labviewLabVIEWlabview
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23608
Matching Score-6
Assigner-National Instruments
ShareView Details
Matching Score-6
Assigner-National Instruments
CVSS Score-7.8||HIGH
EPSS-1.44% / 79.92%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 15:10
Updated-22 Aug, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of Bounds Write Due to Missing Bounds Check in LabVIEW

An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

Action-Not Available
Vendor-NIni
Product-LabVIEWlabview
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-4601
Matching Score-6
Assigner-National Instruments
ShareView Details
Matching Score-6
Assigner-National Instruments
CVSS Score-8.1||HIGH
EPSS-0.21% / 43.23%
||
7 Day CHG~0.00%
Published-18 Oct, 2023 | 19:15
Updated-13 Sep, 2024 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in NI System Configuration Software

A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions.

Action-Not Available
Vendor-niNIniMicrosoft Corporation
Product-windowssystem_configurationSystem Configurationsystem_configuration
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2779
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.62% / 68.93%
||
7 Day CHG~0.00%
Published-05 Sep, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this vulnerability and can potentially result in code execution.

Action-Not Available
Vendor-niNational Instruments
Product-labviewLabVIEW 2016
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9573
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.56%
||
7 Day CHG~0.00%
Published-07 Dec, 2018 | 23:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116467350.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9575
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.56%
||
7 Day CHG~0.00%
Published-07 Dec, 2018 | 23:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619387.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9549
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.45%
||
7 Day CHG~0.00%
Published-06 Dec, 2018 | 14:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112160868.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-30282
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.66%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 08:59
Updated-02 Dec, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate 2024 Out of Bound Write Remote Code Execution Vulnerability

Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsanimatemacosAnimateanimate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9469
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.01% / 0.42%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 16:53
Updated-18 Dec, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-862
Missing Authorization
CVE-2016-5399
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-19.45% / 95.17%
||
7 Day CHG+2.11%
Published-21 Apr, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9550
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.45%
||
7 Day CHG~0.00%
Published-06 Dec, 2018 | 14:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112660981.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9428
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.01% / 0.64%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 21:25
Updated-22 Nov, 2024 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. https://source.android.com/security/bulletin/2018-07-01

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-416
Use After Free
CVE-2022-34992
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.66%
||
7 Day CHG~0.00%
Published-03 Aug, 2022 | 17:09
Updated-03 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the function UnsetPending.

Action-Not Available
Vendor-luadec_projectn/a
Product-luadecn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17253
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.35% / 56.55%
||
7 Day CHG~0.00%
Published-08 Oct, 2019 | 11:19
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8.

Action-Not Available
Vendor-n/aIrfanView
Product-irfanviewn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9551
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.45%
||
7 Day CHG~0.00%
Published-06 Dec, 2018 | 14:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891548.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9576
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.56%
||
7 Day CHG~0.00%
Published-07 Dec, 2018 | 23:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715245.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9341
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.55%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 18:51
Updated-22 Nov, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In impeg2d_mc_fullx_fully of impeg2d_mc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38110
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.11%
||
7 Day CHG~0.00%
Published-01 Oct, 2021 | 22:59
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file.

Action-Not Available
Vendor-n/aCorel Corporation
Product-wordperfect_2020n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38097
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.39% / 79.55%
||
7 Day CHG~0.00%
Published-01 Oct, 2021 | 17:50
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.

Action-Not Available
Vendor-n/aCorel Corporation
Product-pdf_fusionn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-8833
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.78% / 72.69%
||
7 Day CHG~0.00%
Published-25 Apr, 2018 | 23:00
Updated-17 Sep, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.

Action-Not Available
Vendor-ICS-CERTAdvantech (Advantech Co., Ltd.)
Product-webaccess_hmi_designerAdvantech WebAccess HMI Designer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-27327
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.70% / 71.14%
||
7 Day CHG+0.19%
Published-01 Apr, 2024 | 21:50
Updated-04 Dec, 2024 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22277.

Action-Not Available
Vendor-PDF-XChange Co Ltd.
Product-pdf-toolspdf-xchange_editorPDF-XChange Editorpdf-xchange_editor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38103
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 52.13%
||
7 Day CHG~0.00%
Published-01 Oct, 2021 | 18:08
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file.

Action-Not Available
Vendor-n/aCorel Corporation
Product-presentations_2020n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-27802
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.79%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 20:56
Updated-13 Feb, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadostvosvisionosmacosvisionOSiOS and iPadOSmacOStvOSmacosiphone_osvisionosipad_ostv_os
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-38419
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.85%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric Tellus Lite V-Simulator out of bounds write

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-v-serverv-simulatorV-Server LiteTellus Lite V-Simulator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9570
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.56%
||
7 Day CHG~0.00%
Published-07 Dec, 2018 | 23:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-115375616.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 49
  • 50
  • Next
Details not found