Total
1588 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38950 | 1 Struktur | 1 Libde265 | 2025-06-06 | N/A | 6.5 MEDIUM |
| Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function. | |||||
| CVE-2024-38949 | 1 Struktur | 1 Libde265 | 2025-06-06 | N/A | 6.5 MEDIUM |
| Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc | |||||
| CVE-2025-1252 | 1 Rti | 1 Connext Professional | 2025-06-05 | N/A | 7.1 HIGH |
| Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.4 before 6.1.2.23. | |||||
| CVE-2025-1051 | 2025-06-04 | N/A | 8.8 HIGH | ||
| Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865. | |||||
| CVE-2024-7055 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 7.5 HIGH | 6.3 MEDIUM |
| A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. | |||||
| CVE-2024-31582 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-03 | N/A | 7.8 HIGH |
| FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. | |||||
| CVE-2025-44904 | 1 Hdfgroup | 1 Hdf5 | 2025-06-03 | N/A | 8.8 HIGH |
| hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function. | |||||
| CVE-2025-44905 | 1 Hdfgroup | 1 Hdf5 | 2025-06-03 | N/A | 8.8 HIGH |
| hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function. | |||||
| CVE-2024-32229 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | N/A | 8.4 HIGH |
| FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. | |||||
| CVE-2023-49501 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-03 | N/A | 8.0 HIGH |
| Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. | |||||
| CVE-2024-27340 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 7.8 HIGH |
| Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22926. | |||||
| CVE-2024-27341 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 7.8 HIGH |
| Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22927. | |||||
| CVE-2023-49528 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-03 | N/A | 8.0 HIGH |
| Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. | |||||
| CVE-2025-48990 | 2025-06-02 | N/A | N/A | ||
| NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in `rt_copy_memory`, which unconditionally wrote a null terminator at `dst[len]`. When `len` equals the size of the destination buffer (256 bytes), that extra `'\0'` write overruns the buffer by one byte. To avoid breaking existing callers or changing the public API, the patch in commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee takes a minimal approach: it simply removes the overflow-causing line without adding bounds checks or altering the function signature. | |||||
| CVE-2025-24985 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-29 | N/A | 7.8 HIGH |
| Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. | |||||
| CVE-2024-50698 | 1 Sungrowpower | 2 Winet-s, Winet-s Firmware | 2025-05-29 | N/A | 9.8 CRITICAL |
| SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content. | |||||
| CVE-2025-4096 | 1 Google | 1 Chrome | 2025-05-28 | N/A | 8.8 HIGH |
| Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-2308 | 1 Hdfgroup | 1 Hdf5 | 2025-05-28 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release. | |||||
| CVE-2025-2309 | 1 Hdfgroup | 1 Hdf5 | 2025-05-28 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release. | |||||
| CVE-2025-2310 | 1 Hdfgroup | 1 Hdf5 | 2025-05-28 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release. | |||||