Total
1451 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2337 | 2025-03-17 | 7.5 HIGH | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of the file src/mat.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-29508 | 1 Artifex | 1 Ghostscript | 2025-03-17 | N/A | 3.3 LOW |
| Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. | |||||
| CVE-2025-2368 | 2025-03-17 | 7.5 HIGH | 6.3 MEDIUM | ||
| A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-2310 | 2025-03-14 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about a batch of vulnerabilities. His response was "reject" without further explanation. We have not received an elaboration even after asking politely for further details. Currently we assume that the vendor wants to "dispute" the entries which is why they are flagged as such until further details become available. | |||||
| CVE-2025-2309 | 2025-03-14 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about a batch of vulnerabilities. His response was "reject" without further explanation. We have not received an elaboration even after asking politely for further details. Currently we assume that the vendor wants to "dispute" the entries which is why they are flagged as such until further details become available. | |||||
| CVE-2025-2308 | 2025-03-14 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about a batch of vulnerabilities. His response was "reject" without further explanation. We have not received an elaboration even after asking politely for further details. Currently we assume that the vendor wants to "dispute" the entries which is why they are flagged as such until further details become available. | |||||
| CVE-2025-24985 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-03-14 | N/A | 7.8 HIGH |
| Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-22134 | 2025-03-14 | N/A | 4.2 MEDIUM | ||
| When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003 | |||||
| CVE-2024-41437 | 1 Dbohdan | 1 Hicolor | 2025-03-13 | N/A | 5.5 MEDIUM |
| A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. | |||||
| CVE-2025-2153 | 1 Hdfgroup | 1 Hdf5 | 2025-03-13 | 5.1 MEDIUM | 5.0 MEDIUM |
| A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-3516 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-13 | N/A | 6.5 MEDIUM |
| Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-2152 | 1 Assimp | 1 Assimp | 2025-03-13 | 7.5 HIGH | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1651 | 2025-03-13 | N/A | 7.8 HIGH | ||
| A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2025-1429 | 2025-03-13 | N/A | 7.8 HIGH | ||
| A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-46264 | 1 Randygaul | 1 Cute Png | 2025-03-13 | N/A | 7.8 HIGH |
| cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_find() function at cute_png.h. | |||||
| CVE-2024-37080 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-03-13 | N/A | 9.8 CRITICAL |
| vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | |||||
| CVE-2025-24993 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-03-13 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-2019 | 2025-03-11 | N/A | 7.8 HIGH | ||
| Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25252. | |||||
| CVE-2025-27171 | 2025-03-11 | N/A | 7.8 HIGH | ||
| InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-24453 | 2025-03-11 | N/A | 7.8 HIGH | ||
| InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||