Total
2626 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55005 | 1 Imagemagick | 1 Imagemagick | 2025-08-15 | 5.5 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1. | ||||
| CVE-2025-55004 | 1 Imagemagick | 1 Imagemagick | 2025-08-15 | 7.6 High |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1. | ||||
| CVE-2025-31177 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2025-08-15 | 6.2 Medium |
| gnuplot is affected by a heap buffer overflow at function utf8_copy_one. | ||||
| CVE-2025-1051 | 1 Sonos | 2 Era 300, Era 300 Firmware | 2025-08-15 | N/A |
| Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865. | ||||
| CVE-2025-22134 | 2 Netapp, Vim | 3 Bootstrap Os, Hci Compute Node, Vim | 2025-08-14 | 4.2 Medium |
| When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003 | ||||
| CVE-2025-5750 | 1 Wolfbox | 2 Level 2 Ev Charger, Level 2 Ev Charger Firmware | 2025-08-14 | N/A |
| WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the secKey, localKey, stdTimeZone and devId parameters. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26294. | ||||
| CVE-2025-54212 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-08-14 | 7.8 High |
| InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54211 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-08-14 | 7.8 High |
| InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54209 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-08-14 | 7.8 High |
| InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54220 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-08-14 | 7.8 High |
| InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54219 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-08-14 | 7.8 High |
| InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54217 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-08-14 | 7.8 High |
| InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-49560 | 1 Adobe | 1 Substance 3d Viewer | 2025-08-14 | 7.8 High |
| Substance3D - Viewer versions 0.25 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2018-17095 | 3 Audiofile, Canonical, Redhat | 3 Audiofile, Ubuntu Linux, Enterprise Linux | 2025-08-13 | 8.8 High |
| An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert. | ||||
| CVE-2025-48071 | 1 Openexr | 1 Openexr | 2025-08-13 | 7.8 High |
| OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3. | ||||
| CVE-2025-3320 | 1 Ibm | 1 Tivoli Monitoring | 2025-08-13 | 8.1 High |
| IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. | ||||
| CVE-2025-3354 | 1 Ibm | 1 Tivoli Monitoring | 2025-08-13 | 8.1 High |
| IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. | ||||
| CVE-2021-34971 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-13 | N/A |
| Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14812. | ||||
| CVE-2025-7025 | 1 Rockwellautomation | 1 Arena | 2025-08-13 | 7.8 High |
| A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information. | ||||
| CVE-2025-7033 | 1 Rockwellautomation | 2 Arena, Arena Simulation | 2025-08-13 | 7.8 High |
| A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information. | ||||