CVE ID | CVSS | Vendor | Exploit | Patch | Trends |
---|---|---|---|---|---|
CVE-2024-9632: A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. | CVSS 7.8 | X.org | - | Patched | |
CVE-2024-8948: A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. It is recommended to apply a patch to fix this issue. In micropython objint component, converting zero from int to bytes leads to heap buffer-overflow-write at mpz_as_bytes. | CVSS 7.5 | Micropython | Exploit | Patched | |
CVE-2024-8946: A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read. | CVSS 7.5 | Micropython | Exploit | Patched | |
CVE-2024-8905: Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium) | CVSS 8.8 | | - | Patched | |
CVE-2024-8636: [Severity: High] Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100) on 2024-08-22. Google Chrome update, version 128.0.6613.137 fixes the following vulnerabilities. | CVSS 8.8 | | - | Patched | |
CVE-2024-8594: A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | CVSS 7.8 | Autodesk | - | Patched | |
CVE-2024-8591: A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | CVSS 7.8 | Autodesk | - | Patched | |
CVE-2024-8587: A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | CVSS 7.8 | Autodesk | - | Patched | |
CVE-2024-8443: A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bounds writes, possibly resulting in arbitrary code execution. | CVSS 2.9 | Opensc project, et al | - | Patched | |
CVE-2024-8198: Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | | - | Patched | |
CVE-2024-8193: Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | | - | Patched | |
CVE-2024-7973: Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium) | CVSS 8.8 | | - | Patched | |
CVE-2024-7967: Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | | - | Patched | |
CVE-2024-7730: A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero. | CVSS 7.4 | Qemu | - | - | |
CVE-2024-7674: A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process. | CVSS 7.8 | Autodesk | - | Patched | |
CVE-2024-7673: A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process. | CVSS 7.8 | Autodesk | - | Patched | |
CVE-2024-7546: This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. 08/05/24 – ZDI made multiple attempts to report the vulnerability to the vendor via the oFono distribution list, Red Hat, and upstream Linux Kernel, but the vendor did not respond. The Linux Kernel informed ZDI that since it “has nothing to do with the Linux Kernel,” we should report it to the distribution list. Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application. | CVSS 7.8 | Agi, et al | Exploit | Patched | |
CVE-2024-7545: This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. 08/05/24 – ZDI made multiple attempts to report the vulnerability to the vendor via the oFono distribution list, Red Hat, and upstream Linux Kernel, but the vendor did not respond. The Linux Kernel informed ZDI that since it “has nothing to do with the Linux Kernel,” we should report it to the distribution list. Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application. | CVSS 7.8 | Agi, et al | Exploit | Patched | |
CVE-2024-7544: This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. 08/05/24 – ZDI made multiple attempts to report the vulnerability to the vendor via the oFono distribution list, Red Hat, and upstream Linux Kernel, but the vendor did not respond. The Linux Kernel informed ZDI that since it “has nothing to do with the Linux Kernel,” we should report it to the distribution list. Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application. | CVSS 7.8 | Agi, et al | Exploit | Patched | |
CVE-2024-7543: This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. 08/05/24 – ZDI made multiple attempts to report the vulnerability to the vendor via the oFono distribution list, Red Hat, and upstream Linux Kernel, but the vendor did not respond. The Linux Kernel informed ZDI that since it “has nothing to do with the Linux Kernel,” we should report it to the distribution list. Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application. | CVSS 7.8 | Agi, et al | Exploit | Patched | |
CVE-2024-7535: [Severity: High] Inappropriate implementation in V8. Reported by Tashita Software Security on 2024-07-12. Google Chrome update, version 127.0.6533.99 fixes the following vulnerabilities. | CVSS 8.8 | | - | Patched | |
CVE-2024-7534: [Severity: High] Heap buffer overflow in Layout. Reported by Tashita Software Security on 2024-07-11. Google Chrome update, version 127.0.6533.99 fixes the following vulnerabilities. | CVSS 8.8 | | - | Patched | |
CVE-2024-7272: A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component. | CVSS 8.8 | Ffmpeg | Exploit | - | |
CVE-2024-7055: A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. | CVSS 6.3 | Ffmpeg | - | - | |
CVE-2024-7018: Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | CVSS 8.8 | | - | - | |
CVE-2024-6994: [Severity: Medium] Heap buffer overflow in Layout. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2024-05-10. Google Chrome update, version 127.0.6533.72 fixes the following vulnerabilities. | CVSS 8.8 | | - | Patched | |
CVE-2024-6873: It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited. Fixes have been merged to all currently supported versions of ClickHouse. If you are maintaining your own forked version of ClickHouse or using an older version and cannot upgrade, the fix for this vulnerability can be found in this commit: https://github.com/ClickHouse/ClickHouse/pull/64024. | CVSS 8.1 | Clickhouse | - | - | |
CVE-2024-6444: No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | CVSS 6.5 | Zephyrproject | - | Patched | |
CVE-2024-6383: The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1 | CVSS 5.3 | Mongodb | - | - | |
CVE-2024-6259: BT: HCI: adv_ext_report Improper discarding in adv_ext_report | CVSS 6.5 | Zephyrproject | Exploit | Patched | |
CVE-2024-6258: BT: Missing length checks of net_buf in rfcomm_handle_data | CVSS 6.5 | Zephyrproject | Exploit | Patched | |
CVE-2024-6154: Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-20450. | CVSS 6.7 | Parallels | Exploit | - | |
CVE-2024-6135: BT:Classic: Multiple missing buf length checks | CVSS 6.5 | Zephyrproject | Exploit | Patched | |
CVE-2024-5835: [Severity: High] Heap buffer overflow in Tab Groups. Reported by Weipeng Jiang (@Krace) of VRI on 2024-05-22. Google Chrome update, version 126.0.6478.54 fixes the following vulnerabilities. | CVSS 8.8 | Fedoraproject, et al | - | Patched | |
CVE-2024-5493: Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 7.5 | Google, et al | - | Patched | |
CVE-2024-5301: Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22917. | CVSS 7.8 | Tungstenautomation, et al | Exploit | - | |
CVE-2024-52531: GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this. | CVSS 8.4 | Gnome | - | Patched | |
CVE-2024-5228: TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22383. | CVSS Low | Tp-link | Exploit | - | |
CVE-2024-5160: [Severity: High] Heap buffer overflow in Dawn. Reported by wgslfuzz on 2024-05-01. Google Chrome update, version 125.0.6422.76 fixes the following vulnerabilities. | CVSS 8.8 | Google, et al | - | Patched | |
CVE-2024-5159: [Severity: High] Heap buffer overflow in ANGLE. Reported by David Sievers (@loknop) on 2024-04-18. Google Chrome update, version 125.0.6422.76 fixes the following vulnerabilities. | CVSS 8.8 | Google, et al | - | Patched | |
CVE-2024-49525: Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | Adobe | - | Patched | |
CVE-2024-49517: Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | Adobe | - | Patched | |
CVE-2024-49509: InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | Adobe | - | Patched | |
CVE-2024-49508: InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | Adobe | - | Patched | |
CVE-2024-49507: InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | Adobe | - | Patched | |
CVE-2024-49030: Microsoft Excel Remote Code Execution Vulnerability | CVSS 7.8 | Microsoft | - | Patched | |
CVE-2024-49017: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-49015: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-49013: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-49012: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-49011: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-49010: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-49009: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-49008: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-49007: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-49006: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-49005: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-49004: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-49002: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-49001: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-49000: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-48999: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-48998: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-48997: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-48996: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-48995: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-48994: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-48993: SQL Server Native Client Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-47964: Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | CVSS 7.8 | Deltaww | - | - | |
CVE-2024-47450: Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | Adobe | - | Patched | |
CVE-2024-47431: Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | Adobe | - | Patched | |
CVE-2024-47417: Impact: Arbitrary code execution. Severity: Critical | CVSS 7.8 | Adobe | - | Patched | |
CVE-2024-46632: Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function. | CVSS 4.3 | Assimp | - | - | |
CVE-2024-46488: sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | CVSS 5.5 | Sqlite | Exploit | Patched | |
CVE-2024-46461: VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges. | CVSS 8 | Videolan | - | - | |
CVE-2024-45993: Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb. | CVSS 6.5 | Giflib project | - | Patched | |
CVE-2024-45872: Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files. | CVSS 6.3 | Bandisoft | - | - | |
CVE-2024-45679: Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product. | CVSS 8.4 | Assimp | - | - | |
CVE-2024-4559: Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 7.5 | | - | Patched | |
CVE-2024-45306: Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position. It's not quite clear yet what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed with the patch v9.1.0707. All users are advised to upgrade. | CVSS 5.5 | Vim | - | Patched | |
CVE-2024-45143: Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | Adobe | - | Patched | |
CVE-2024-45139: Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | Adobe | - | Patched | |
CVE-2024-43802: Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in combination with several long mappings and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue. | CVSS 4.5 | Vim | - | Patched | |
CVE-2024-43790: Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689. | CVSS 4.5 | Vim | - | Patched | |
CVE-2024-43756: Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | Adobe | - | Patched | |
CVE-2024-43627: Windows Telephony Service Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-43626: Windows Telephony Service Elevation of Privilege Vulnerability | CVSS 7.8 | Microsoft | - | Patched | |
CVE-2024-43622: Windows Telephony Service Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-43621: Windows Telephony Service Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-43620: Windows Telephony Service Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-43611: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-43608: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-43607: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-43598: LightGBM Remote Code Execution Vulnerability | CVSS 8.1 | Microsoft | - | Patched | |
CVE-2024-43593: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-43592: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-43589: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-43587: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | CVSS 5.9 | Microsoft | - | Patched | |
CVE-2024-43579: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | CVSS 7.6 | Microsoft | - | Patched | |
CVE-2024-43578: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | CVSS 7.6 | Microsoft | - | Patched | |