Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Corel Subscribe
Total 45 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-4900 1 Corel 1 Wordperfect Office X6 2020-01-27 4.3 MEDIUM 5.5 MEDIUM
Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference
CVE-2013-0733 1 Corel 2 Paintshop Pro X5, Paintshop Pro X6 2019-07-18 9.3 HIGH N/A
Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 16.0.0.113, 15.2.0.2, and earlier allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jpg file.
CVE-2019-6114 1 Corel 1 Paintshop Pro 2019 2019-06-19 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An integer overflow in the jp2 parsing library allows an attacker to overwrite memory and to execute arbitrary code.
CVE-2007-1735 1 Corel 1 Wordperfect 2018-10-16 9.3 HIGH N/A
Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a Wordperfect document.
CVE-2009-2564 3 Adobe, Corel, Nos Microsystems 3 Acrobat Reader, Getplus Download Manager, Getplus Download Manager 2018-10-10 7.2 HIGH N/A
NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot.
CVE-2014-8398 1 Corel 1 Fastflick 2018-10-09 4.6 MEDIUM N/A
Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9) VC1DecDll_SSE3.dll file that is located in the same folder as the file being processed.
CVE-2014-8393 1 Corel 5 Coreldraw, Coreldraw Photo Paint, Paint Shop Pro and 2 more 2018-10-09 4.6 MEDIUM 7.8 HIGH
DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion.
CVE-2014-8394 1 Corel 1 Corelcad 2018-10-09 4.6 MEDIUM N/A
Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory.
CVE-2014-8395 1 Corel 1 Painter 2018-10-09 4.6 MEDIUM N/A
Untrusted search path vulnerability in Corel Painter 2015 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll file that is located in the same folder as the file being processed.
CVE-2014-8396 1 Corel 1 Pdf Fusion 2018-10-09 4.6 MEDIUM N/A
Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed.
CVE-2014-8397 1 Corel 2 Fastflick, Videostudio Pro 2018-10-09 4.6 MEDIUM N/A
Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is located in the same folder as the file being processed.
CVE-2007-2209 2 Accusoft, Corel 2 Imagegear, Paint Shop Pro 2017-10-10 6.8 MEDIUM N/A
Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ImageGear, as used in Corel Paint Shop Pro Photo 11.20 and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted .CLP file. NOTE: some details were obtained from third party sources.
CVE-2007-2366 1 Corel 1 Paint Shop Pro 2017-10-10 7.4 HIGH N/A
Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.
CVE-2012-4728 1 Corel 1 Quattro Pro X6 2017-08-28 4.3 MEDIUM N/A
The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted QPW file.
CVE-2009-4251 1 Corel 1 Paint Shop Pro 2017-08-16 9.3 HIGH N/A
Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel Paint Shop Pro) allows user-assisted remote attackers to execute arbitrary code via a crafted PNG file. NOTE: this might be the same issue as CVE-2007-2366.
CVE-2007-2921 1 Corel 1 Activecgm Browser 2017-07-28 9.3 HIGH N/A
Multiple buffer overflows in acgm.dll in the Corel / Micrografx ActiveCGM Browser ActiveX control before 7.1.4.19 allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2015-6948 1 Corel 1 Wordperfect 2016-12-21 6.8 MEDIUM N/A
Heap-based buffer overflow in the Microsoft Word document conversion feature in Corel WordPerfect allows remote attackers to execute arbitrary code via a crafted document.
CVE-1999-1173 1 Corel 1 Wordperfect 2016-10-17 2.1 LOW N/A
Corel Word Perfect 8 for Linux creates a temporary working directory with world-writable permissions, which allows local users to (1) modify Word Perfect behavior by modifying files in the working directory, or (2) modify files of other users via a symlink attack.
CVE-2013-0742 1 Corel 1 Pdf Fusion 2013-10-07 9.3 HIGH N/A
Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long ZIP directory entry name in an XPS file.
CVE-2013-3248 1 Corel 1 Pdf Fusion 2013-10-04 9.3 HIGH N/A
Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file.