Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-122
Total 174 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-46605 1 Bentley 3 Microstation, Microstation Connect, View 2022-02-25 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15399.
CVE-2021-46606 1 Bentley 3 Microstation, Microstation Connect, View 2022-02-25 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15400.
CVE-2021-46603 1 Bentley 3 Microstation, Microstation Connect, View 2022-02-25 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15397.
CVE-2021-46577 1 Bentley 3 Microstation, Microstation Connect, View 2022-02-25 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15371.
CVE-2022-0631 1 Mruby 1 Mruby 2022-02-25 7.5 HIGH 9.8 CRITICAL
Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.
CVE-2022-0570 1 Mruby 1 Mruby 2022-02-22 7.5 HIGH 9.8 CRITICAL
Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.
CVE-2022-0080 1 Mruby 1 Mruby 2022-01-11 7.5 HIGH 9.8 CRITICAL
mruby is vulnerable to Heap-based Buffer Overflow
CVE-2021-38415 1 Fujielectric 2 V-server, V-simulator 2021-12-27 6.8 MEDIUM 7.8 HIGH
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.
CVE-2020-25664 2 Fedoraproject, Imagemagick 2 Fedora, Imagemagick 2021-12-16 5.8 MEDIUM 6.1 MEDIUM
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.
CVE-2021-44442 1 Siemens 2 Jt Open Toolkit, Jt Utilities 2021-12-14 6.8 MEDIUM 7.8 HIGH
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14995)
CVE-2021-34583 1 Codesys 1 Codesys 2021-10-28 5.0 MEDIUM 7.5 HIGH
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
CVE-2021-36050 1 Adobe 1 Xmp Toolkit Software Development Kit 2021-10-26 9.3 HIGH 7.8 HIGH
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
CVE-2021-36054 1 Adobe 1 Xmp Toolkit Software Development Kit 2021-10-26 4.3 MEDIUM 5.5 MEDIUM
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
CVE-2021-36056 1 Adobe 1 Xmp Toolkit Software Development Kit 2021-10-26 9.3 HIGH 7.8 HIGH
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
CVE-2020-14311 4 Canonical, Gnu, Opensuse and 1 more 7 Ubuntu Linux, Grub2, Leap and 4 more 2021-10-19 3.6 LOW 6.0 MEDIUM
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
CVE-2021-39863 3 Adobe, Apple, Microsoft 8 Acrobat, Acrobat 2017, Acrobat Dc and 5 more 2021-10-06 6.8 MEDIUM 7.8 HIGH
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-39823 2 Adobe, Linux 2 Svg-native-viewer, Linux Kernel 2021-10-04 6.8 MEDIUM 7.8 HIGH
Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
CVE-2021-38404 1 Deltaww 1 Dopsoft 2021-10-04 6.8 MEDIUM 7.8 HIGH
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2021-32959 1 Aveva 1 Suitelink 2021-10-01 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06
CVE-2021-29457 3 Debian, Exiv2, Fedoraproject 3 Debian Linux, Exiv2, Fedora 2021-09-21 6.8 MEDIUM 7.8 HIGH
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.