Total
1229 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21169 | 1 Adobe | 1 Substance 3d Designer | 2025-04-28 | N/A | 7.8 HIGH |
| Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-27171 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-04-28 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-24453 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-04-28 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-50246 | 1 Jqlang | 1 Jq | 2025-04-25 | N/A | 6.2 MEDIUM |
| jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue. | |||||
| CVE-2025-3512 | 2025-04-25 | N/A | N/A | ||
| There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later. | |||||
| CVE-2024-3204 | 1 Blosc | 1 C-blosc2 | 2025-04-25 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-259051. | |||||
| CVE-2024-3203 | 1 Blosc | 1 C-blosc2 | 2025-04-25 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-259050 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-3207 | 1 Ermig1979 | 1 Simd | 2025-04-25 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been declared as critical. This vulnerability affects the function ReadUnsigned of the file src/Simd/SimdMemoryStream.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. VDB-259054 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-3209 | 2 Fedoraproject, Upx | 2 Fedora, Upx | 2025-04-25 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-0755 | 2025-04-24 | N/A | 8.4 HIGH | ||
| The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16 | |||||
| CVE-2022-44910 | 1 Quarkslab | 1 Binbloom | 2025-04-22 | N/A | 7.8 HIGH |
| Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c. | |||||
| CVE-2025-0434 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 8.8 HIGH |
| Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-3791 | 2025-04-21 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as critical was found in symisc UnQLite up to 957c377cb691a4f617db9aba5cc46d90425071e2. This vulnerability affects the function jx9MemObjStore of the file /data/src/benchmarks/unqlite/unqlite.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2025-27173 | 1 Adobe | 1 Substance 3d Modeler | 2025-04-18 | N/A | 7.8 HIGH |
| Substance3D - Modeler versions 1.15.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-27199 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-04-18 | N/A | 7.8 HIGH |
| Animate versions 24.0.7, 23.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-32619 | 1 Hdfgroup | 1 Hdf5 | 2025-04-18 | N/A | 7.4 HIGH |
| HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer. | |||||
| CVE-2024-32620 | 1 Hdfgroup | 1 Hdf5 | 2025-04-18 | N/A | 7.4 HIGH |
| HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer. | |||||
| CVE-2024-32621 | 1 Hdfgroup | 1 Hdf5 | 2025-04-18 | N/A | 9.8 CRITICAL |
| HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction pointer. | |||||
| CVE-2024-32623 | 1 Hdfgroup | 1 Hdf5 | 2025-04-18 | N/A | 8.8 HIGH |
| HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c). | |||||
| CVE-2024-32624 | 1 Hdfgroup | 1 Hdf5 | 2025-04-18 | N/A | 7.4 HIGH |
| HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c), resulting in the corruption of the instruction pointer. | |||||