Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-47750

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-16 Jun, 2026 | 18:17
Updated At-17 Jun, 2026 | 13:58
Rejected At-
Credits

stable-diffusion.cpp: Heap buffer overflow in GLOBAL opcode parsing for PyTorch checkpoint files

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode handler. The issue was caused by missing validation when searching for newline-delimited fields. A crafted .ckpt file without the expected newline could cause the parser to use -1 as a copy length, resulting in immediate heap corruption. The attack requires the victim or application to load a .ckpt file from an untrusted source, such as a downloaded model from a model sharing site. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by following these instructions: do not load .ckpt checkpoint files from untrusted sources, and prefer trusted model sources and safer formats such as .safetensors where possible.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:16 Jun, 2026 | 18:17
Updated At:17 Jun, 2026 | 13:58
Rejected At:
â–¼CVE Numbering Authority (CNA)
stable-diffusion.cpp: Heap buffer overflow in GLOBAL opcode parsing for PyTorch checkpoint files

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode handler. The issue was caused by missing validation when searching for newline-delimited fields. A crafted .ckpt file without the expected newline could cause the parser to use -1 as a copy length, resulting in immediate heap corruption. The attack requires the victim or application to load a .ckpt file from an untrusted source, such as a downloaded model from a model sharing site. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by following these instructions: do not load .ckpt checkpoint files from untrusted sources, and prefer trusted model sources and safer formats such as .safetensors where possible.

Affected Products
Vendor
leejet
Product
stable-diffusion.cpp
Versions
Affected
  • < master-584-0a7ae07
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787: Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787: Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-v37x-jwp7-mcvc
x_refsource_CONFIRM
https://github.com/leejet/stable-diffusion.cpp/pull/1443
x_refsource_MISC
https://github.com/leejet/stable-diffusion.cpp/commit/0a7ae07f948eff4611968a65a22bd7c7031ad74f
x_refsource_MISC
Hyperlink: https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-v37x-jwp7-mcvc
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/leejet/stable-diffusion.cpp/pull/1443
Resource:
x_refsource_MISC
Hyperlink: https://github.com/leejet/stable-diffusion.cpp/commit/0a7ae07f948eff4611968a65a22bd7c7031ad74f
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-v37x-jwp7-mcvc
exploit
Hyperlink: https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-v37x-jwp7-mcvc
Resource:
exploit
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:16 Jun, 2026 | 20:16
Updated At:25 Jun, 2026 | 13:55

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode handler. The issue was caused by missing validation when searching for newline-delimited fields. A crafted .ckpt file without the expected newline could cause the parser to use -1 as a copy length, resulting in immediate heap corruption. The attack requires the victim or application to load a .ckpt file from an untrusted source, such as a downloaded model from a model sharing site. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by following these instructions: do not load .ckpt checkpoint files from untrusted sources, and prefer trusted model sources and safer formats such as .safetensors where possible.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

leejet
leejet
>>stable-diffusion.cpp>>Versions before master-584-0a7ae07(exclusive)
cpe:2.3:a:leejet:stable-diffusion.cpp:*:*:*:*:*:c\+\+:*:*
Weaknesses
CWE IDTypeSource
CWE-787Secondarysecurity-advisories@github.com
CWE ID: CWE-787
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/leejet/stable-diffusion.cpp/commit/0a7ae07f948eff4611968a65a22bd7c7031ad74fsecurity-advisories@github.com
Patch
https://github.com/leejet/stable-diffusion.cpp/pull/1443security-advisories@github.com
Issue Tracking
Patch
https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-v37x-jwp7-mcvcsecurity-advisories@github.com
Exploit
Mitigation
Vendor Advisory
https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-v37x-jwp7-mcvc134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Mitigation
Vendor Advisory
Hyperlink: https://github.com/leejet/stable-diffusion.cpp/commit/0a7ae07f948eff4611968a65a22bd7c7031ad74f
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/leejet/stable-diffusion.cpp/pull/1443
Source: security-advisories@github.com
Resource:
Issue Tracking
Patch
Hyperlink: https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-v37x-jwp7-mcvc
Source: security-advisories@github.com
Resource:
Exploit
Mitigation
Vendor Advisory
Hyperlink: https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-v37x-jwp7-mcvc
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Mitigation
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2628Records found

CVE-2022-42943
Matching Score-4
Assigner-Autodesk
ShareView Details
Matching Score-4
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.37% / 29.44%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-7451
Matching Score-4
Assigner-Autodesk
ShareView Details
Matching Score-4
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.18%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 17:05
Updated-27 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIF File Parsing Out-of-Bounds Write in Autodesk 3ds Max

A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-3ds_max3ds Max
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43397
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.23% / 13.56%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-21 Apr, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Simcenter Femap (All versions < V2023.1). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17854)

Action-Not Available
Vendor-Siemens AG
Product-parasolidParasolid V34.0Parasolid V35.0Parasolid V34.1Simcenter Femap
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43618
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.87% / 54.50%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-14 Feb, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PCX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16377.

Action-Not Available
Vendor-Corel Corporation
Product-coreldrawCorelDRAW Graphics Suite
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43667
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.27% / 18.41%
||
7 Day CHG~0.00%
Published-07 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.

Action-Not Available
Vendor-omronOMRON Corporation
Product-cx-programmerCX-Programmer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-8357
Matching Score-4
Assigner-Document Foundation, The
ShareView Details
Matching Score-4
Assigner-Document Foundation, The
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 3.65%
||
7 Day CHG+0.02%
Published-15 Jun, 2026 | 16:23
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap buffer overflow in Calc formula compilation

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting.

Action-Not Available
Vendor-The Document FoundationRed Hat, Inc.
Product-LibreOfficeRed Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-193
Off-by-one Error
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17253
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.49% / 70.97%
||
7 Day CHG~0.00%
Published-08 Oct, 2019 | 11:19
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8.

Action-Not Available
Vendor-n/aIrfanView
Product-irfanviewn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-3944
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-7.8||HIGH
EPSS-27.50% / 97.83%
||
7 Day CHG~0.00%
Published-02 Jan, 2020 | 18:43
Updated-06 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag.

Action-Not Available
Vendor-extensisIrfanView
Product-mrsidMrSID plugin
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42901
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 20.27%
||
7 Day CHG~0.00%
Published-13 Oct, 2022 | 00:00
Updated-15 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.

Action-Not Available
Vendor-n/aBentley Systems, Incorporated
Product-microstationviewn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42934
Matching Score-4
Assigner-Autodesk
ShareView Details
Matching Score-4
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.34% / 25.73%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43607
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.80% / 51.98%
||
7 Day CHG+0.04%
Published-21 Jul, 2023 | 20:25
Updated-24 Oct, 2024 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-openbabelOpen Babel
Product-open_babelOpen Babel
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-3937
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-7.8||HIGH
EPSS-1.75% / 75.04%
||
7 Day CHG~0.00%
Published-02 Jan, 2020 | 19:11
Updated-06 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file.

Action-Not Available
Vendor-XnView (XnSoft)
Product-xnviewXnView
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42936
Matching Score-4
Assigner-Autodesk
ShareView Details
Matching Score-4
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.37% / 29.44%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42410
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.36% / 27.99%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-01 Apr, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PGM files. Crafted data in a PGM file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18365.

Action-Not Available
Vendor-PDF-XChange Co Ltd.
Product-pdf-xchange_editorPDF-XChange Editor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21139
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.26% / 17.05%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 19:16
Updated-12 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Designer | Heap-based Buffer Overflow (CWE-122)

Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_designerSubstance3D - Designer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21137
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.26% / 17.05%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 19:16
Updated-12 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Designer | Heap-based Buffer Overflow (CWE-122)

Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_designerSubstance3D - Designer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21121
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.26% / 17.25%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:10
Updated-03 Mar, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Out-of-bounds Write (CWE-787)

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft CorporationApple Inc.
Product-macoswindowsindesignInDesign Desktop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20964
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.6||MEDIUM
EPSS-0.14% / 3.89%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 08:24
Updated-21 May, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20888
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7||HIGH
EPSS-0.15% / 4.83%
||
7 Day CHG+0.01%
Published-04 Feb, 2025 | 07:19
Updated-12 Feb, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21136
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.21% / 11.36%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 19:16
Updated-12 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_designerSubstance3D - Designer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-6691
Matching Score-4
Assigner-MongoDB, Inc.
ShareView Details
Matching Score-4
Assigner-MongoDB, Inc.
CVSS Score-8.6||HIGH
EPSS-0.13% / 2.65%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 15:08
Updated-18 Jun, 2026 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI.

Action-Not Available
Vendor-MongoDB, Inc.
Product-c_driverMongoDB C Driver
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42380
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.36% / 27.99%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-01 Apr, 2025 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18649.

Action-Not Available
Vendor-PDF-XChange Co Ltd.
Product-pdf-xchange_editorPDF-XChange Editor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17256
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.49% / 70.97%
||
7 Day CHG~0.00%
Published-08 Oct, 2019 | 11:20
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0x0000000000001203.

Action-Not Available
Vendor-n/aIrfanView
Product-irfanviewn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42371
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.39% / 30.63%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-01 Apr, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18346.

Action-Not Available
Vendor-PDF-XChange Co Ltd.
Product-pdf-xchange_editorPDF-XChange Editor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21890
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.71% / 48.88%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-04 Oct, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document.

Action-Not Available
Vendor-n/aArtifex Software Inc.
Product-ghostscriptn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21130
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.21% / 11.52%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:58
Updated-12 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Stager | Out-of-bounds Write (CWE-787)

Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft CorporationApple Inc.
Product-macoswindowssubstance_3d_stagerSubstance3D - Stager
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20882
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7||HIGH
EPSS-0.16% / 5.97%
||
7 Day CHG+0.01%
Published-04 Feb, 2025 | 07:19
Updated-12 Feb, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21157
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.27% / 19.29%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:10
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Out-of-bounds Write (CWE-787)

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-macoswindowsindesignInDesign Desktop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41992
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.47% / 37.24%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 10:00
Updated-15 Apr, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-powerisoPowerISO
Product-powerisoPowerISO
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-3247
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-7.8||HIGH
EPSS-2.40% / 82.01%
||
7 Day CHG~0.00%
Published-02 Jan, 2020 | 19:38
Updated-06 Aug, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.

Action-Not Available
Vendor-XnView (XnSoft)
Product-xnviewXnView
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42394
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.38% / 30.05%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-01 Apr, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18893.

Action-Not Available
Vendor-PDF-XChange Co Ltd.
Product-pdf-xchange_editorPDF-XChange Editor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20890
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7||HIGH
EPSS-0.15% / 4.83%
||
7 Day CHG+0.01%
Published-04 Feb, 2025 | 07:19
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21169
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.29% / 20.36%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:26
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Designer | Heap-based Buffer Overflow (CWE-122)

Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_designerSubstance3D - Designer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42820
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.31% / 22.90%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-21 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may cause unexpected app termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiphone_osmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41660
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.38% / 30.17%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-21 Apr, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationTeamcenter Visualization V13.3Teamcenter Visualization V13.2JT2GoTeamcenter Visualization V14.1Teamcenter Visualization V14.0
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-6676
Matching Score-4
Assigner-NortonLifeLock Inc.
ShareView Details
Matching Score-4
Assigner-NortonLifeLock Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 2.29%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 22:16
Updated-15 Jun, 2026 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avira antivirus engine heap buffer OOB write when scanning a malformed POSIX tar archive

Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.27.12.

Action-Not Available
Vendor-Gen Digital
Product-Avira Antivirus
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-24412
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.69% / 84.02%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 21:57
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator Memory Corruption Vulnerability

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsillustratorIllustrator
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20881
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7||HIGH
EPSS-0.16% / 5.97%
||
7 Day CHG+0.01%
Published-04 Feb, 2025 | 07:19
Updated-12 Feb, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21129
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.26% / 17.20%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:58
Updated-12 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Stager | Heap-based Buffer Overflow (CWE-122)

Substance3D - Stager versions 3.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft CorporationApple Inc.
Product-macoswindowssubstance_3d_stagerSubstance3D - Stager
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42377
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.34% / 25.88%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-01 Apr, 2025 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18630.

Action-Not Available
Vendor-PDF-XChange Co Ltd.
Product-pdf-xchange_editorPDF-XChange Editor
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-5726
Matching Score-4
Assigner-Delta Electronics, Inc.
ShareView Details
Matching Score-4
Assigner-Delta Electronics, Inc.
CVSS Score-7.8||HIGH
EPSS-0.34% / 25.85%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:46
Updated-13 Apr, 2026 | 12:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASDA-Soft Stack-based Buffer Overflow Vulnerability

ASDA-Soft Stack-based Buffer Overflow Vulnerability

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-asda_softASDA-Soft
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42419
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.43% / 34.88%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-31 Mar, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18700.

Action-Not Available
Vendor-PDF-XChange Co Ltd.
Product-pdf-xchange_editorPDF-XChange Editor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21132
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.21% / 11.52%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:58
Updated-12 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Stager | Out-of-bounds Write (CWE-787)

Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft CorporationApple Inc.
Product-macoswindowssubstance_3d_stagerSubstance3D - Stager
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21164
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.19% / 9.40%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:39
Updated-11 Jul, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_designerSubstance3D - Designer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-3246
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-7.8||HIGH
EPSS-2.40% / 82.01%
||
7 Day CHG~0.00%
Published-02 Jan, 2020 | 19:38
Updated-06 Aug, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file.

Action-Not Available
Vendor-XnView (XnSoft)
Product-xnviewXnView
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21161
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.33% / 24.45%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:31
Updated-11 Feb, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 14.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-Substance3D - Designer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21123
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.34% / 25.47%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:10
Updated-03 Mar, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft CorporationApple Inc.
Product-macoswindowsindesignInDesign Desktop
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20963
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.6||MEDIUM
EPSS-0.14% / 3.89%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 08:24
Updated-21 May, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21166
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.19% / 9.40%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:39
Updated-11 Jul, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_designerSubstance3D - Designer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42403
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.54% / 41.24%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-27 Mar, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18892.

Action-Not Available
Vendor-PDF-XChange Co Ltd.
Product-pdf-xchange_editorPDF-XChange Editor
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 52
  • 53
  • Next
Details not found