Total
1900 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29069 | 2025-04-04 | N/A | 7.3 HIGH | ||
| A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations. NOTE: this is disputed by the Supplier because the finding identified a bug in a third-party calling program, not in lcms. | |||||
| CVE-2024-27209 | 1 Google | 1 Android | 2025-04-03 | N/A | 8.4 HIGH |
| there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-1943 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 8.2 HIGH |
| Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Thunderbird < 136. | |||||
| CVE-2025-24439 | 1 Adobe | 1 Substance 3d Sampler | 2025-04-01 | N/A | 7.8 HIGH |
| Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-24443 | 1 Adobe | 1 Substance 3d Sampler | 2025-04-01 | N/A | 7.8 HIGH |
| Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-55627 | 1 Oisf | 1 Suricata | 2025-03-31 | N/A | 5.9 MEDIUM |
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8. | |||||
| CVE-2024-28572 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 6.2 MEDIUM |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format. | |||||
| CVE-2022-45491 | 1 Json.h Project | 1 Json.h | 2025-03-26 | N/A | 7.8 HIGH |
| Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. | |||||
| CVE-2025-2618 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2025-03-26 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-42783 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | |||||
| CVE-2024-29013 | 1 Sonicwall | 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more | 2025-03-25 | N/A | 6.5 MEDIUM |
| Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function. | |||||
| CVE-2024-53310 | 2025-03-19 | N/A | 5.5 MEDIUM | ||
| A Structured Exception Handler based buffer overflow vulnerability exists in Effectmatrix Total Video Converter Command Line (TVCC) 2.50 when a specially crafted file is passed to the -ff parameter. The vulnerability occurs due to improper handling of file input with overly long characters, leading to memory corruption. This can result in arbitrary code execution or denial of service. | |||||
| CVE-2024-29508 | 1 Artifex | 1 Ghostscript | 2025-03-17 | N/A | 3.3 LOW |
| Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. | |||||
| CVE-2024-41437 | 1 Dbohdan | 1 Hicolor | 2025-03-13 | N/A | 5.5 MEDIUM |
| A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. | |||||
| CVE-2025-2153 | 1 Hdfgroup | 1 Hdf5 | 2025-03-13 | 5.1 MEDIUM | 5.0 MEDIUM |
| A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-3516 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-13 | N/A | 6.5 MEDIUM |
| Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-2152 | 1 Assimp | 1 Assimp | 2025-03-13 | 7.5 HIGH | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-46264 | 1 Randygaul | 1 Cute Png | 2025-03-13 | N/A | 7.8 HIGH |
| cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_find() function at cute_png.h. | |||||
| CVE-2024-37080 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-03-13 | N/A | 9.8 CRITICAL |
| vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | |||||
| CVE-2024-34771 | 1 Siemens | 1 Solid Edge Se2024 | 2025-03-07 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | |||||