Common Weakness Enumeration

CWE-763

Allowed

Release of Invalid Pointer or Reference

Abstraction: Base · Status: Incomplete

The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

109 vulnerabilities reference this CWE, most recent first.

CVE-2026-57248 (GCVE-0-2026-57248)

Vulnerability from cvelistv5 – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:38
VLAI
Title
Foxit PDF Editor/Reader Annotation Improper Release Vulnerability
Summary
When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-763 - Release of invalid pointer or reference
Assigner
Impacted products
Vendor Product Version
Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
Affected: Versions 14.0.4 and earlier
Affected: Versions 13.2.4 and earlier
Create a notification for this product.
Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
Create a notification for this product.
Credits
XuPeng
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-57248",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-08T12:38:08.327134Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-08T12:38:26.513Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Foxit PDF Editor",
          "vendor": "Foxit Software Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 2026.1.1 and earlier"
            },
            {
              "status": "affected",
              "version": "Versions 14.0.4 and earlier"
            },
            {
              "status": "affected",
              "version": "Versions 13.2.4 and earlier"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Foxit PDF Reader",
          "vendor": "Foxit Software Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 2026.1.1 and earlier"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "XuPeng"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release."
            }
          ],
          "value": "When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential arbitrary code execution"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-763",
              "description": "CWE-763 Release of invalid pointer or reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-08T07:36:18.835Z",
        "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "shortName": "Foxit"
      },
      "references": [
        {
          "url": "https://www.foxit.com/support/security-bulletins.html"
        }
      ],
      "title": "Foxit PDF Editor/Reader Annotation Improper Release Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
    "assignerShortName": "Foxit",
    "cveId": "CVE-2026-57248",
    "datePublished": "2026-07-08T07:36:18.835Z",
    "dateReserved": "2026-06-24T03:01:18.717Z",
    "dateUpdated": "2026-07-08T12:38:26.513Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-47312 (GCVE-0-2026-47312)

Vulnerability from cvelistv5 – Published: 2026-05-19 06:27 – Updated: 2026-05-19 13:17
VLAI
Summary
Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-763 - Release of invalid pointer or reference
References
Impacted products
Vendor Product Version
Samsung Open Source Escargot Affected: 590345cc6258317c5da850d846ce6baaf2afc2d3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-47312",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-19T13:17:11.980469Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-19T13:17:19.184Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Escargot",
          "vendor": "Samsung Open Source",
          "versions": [
            {
              "status": "affected",
              "version": "590345cc6258317c5da850d846ce6baaf2afc2d3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation.\u003cp\u003eThis issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.\u003c/p\u003e"
            }
          ],
          "value": "Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation.\n\nThis issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-123",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-123 Buffer Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-763",
              "description": "CWE-763 Release of invalid pointer or reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T06:27:17.516Z",
        "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "shortName": "samsung.tv_appliance"
      },
      "references": [
        {
          "url": "https://github.com/Samsung/escargot/pull/1565"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
    "assignerShortName": "samsung.tv_appliance",
    "cveId": "CVE-2026-47312",
    "datePublished": "2026-05-19T06:27:17.516Z",
    "dateReserved": "2026-05-19T02:40:40.159Z",
    "dateUpdated": "2026-05-19T13:17:19.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22770 (GCVE-0-2026-22770)

Vulnerability from cvelistv5 – Published: 2026-01-20 00:48 – Updated: 2026-01-21 20:10
VLAI
Title
ImageMagick vulnerable to Release of Invalid Pointer in BilateralBlur when memory allocation fails
Summary
ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-763 - Release of Invalid Pointer or Reference
Assigner
References
Impacted products
Vendor Product Version
ImageMagick ImageMagick Affected: < 7.1.2-13
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22770",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-21T20:05:17.303115Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-21T20:10:46.858Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "ImageMagick",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.1.2-13"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-763",
              "description": "CWE-763: Release of Invalid Pointer or Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-20T00:48:19.241Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e"
        }
      ],
      "source": {
        "advisory": "GHSA-39h3-g67r-7g3c",
        "discovery": "UNKNOWN"
      },
      "title": "ImageMagick vulnerable to Release of Invalid Pointer in BilateralBlur when memory allocation fails"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22770",
    "datePublished": "2026-01-20T00:48:19.241Z",
    "dateReserved": "2026-01-09T18:27:19.387Z",
    "dateUpdated": "2026-01-21T20:10:46.858Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9516 (GCVE-0-2026-9516)

Vulnerability from cvelistv5 – Published: 2026-06-03 00:15 – Updated: 2026-06-03 15:58
VLAI
Title
Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws
Summary
Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode_json() advances the input scalar's string pointer past the mark with SvPV_set() and restores it only on the normal return path. When decoding aborts through a Perl exception, for example a filter_json_object callback that croaks, the restore is skipped and the scalar is left with its string pointer offset into its own buffer and a shortened length. When that scalar is later freed, the allocator receives an invalid pointer and the interpreter aborts. A single BOM prefixed document decoded with a throwing filter callback crashes any caller.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-763 - Release of Invalid Pointer or Reference
  • CWE-755 - Improper Handling of Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
RURBAN Cpanel::JSON::XS Affected: 0 , < 4.41 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-06-03T09:35:39.521Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/06/03/5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-9516",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-03T15:58:42.977647Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-03T15:58:49.426Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://cpan.org/modules",
          "defaultStatus": "unaffected",
          "packageName": "Cpanel-JSON-XS",
          "product": "Cpanel::JSON::XS",
          "programFiles": [
            "XS.xs"
          ],
          "programRoutines": [
            {
              "name": "decode_json"
            }
          ],
          "repo": "https://github.com/rurban/Cpanel-JSON-XS",
          "vendor": "RURBAN",
          "versions": [
            {
              "lessThan": "4.41",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws.\n\nTo skip a leading 3-byte UTF-8 BOM, decode_json() advances the input scalar\u0027s string pointer past the mark with SvPV_set() and restores it only on the normal return path. When decoding aborts through a Perl exception, for example a filter_json_object callback that croaks, the restore is skipped and the scalar is left with its string pointer offset into its own buffer and a shortened length.\n\nWhen that scalar is later freed, the allocator receives an invalid pointer and the interpreter aborts. A single BOM prefixed document decoded with a throwing filter callback crashes any caller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-763",
              "description": "CWE-763 Release of Invalid Pointer or Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755 Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T00:15:51.685Z",
        "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "shortName": "CPANSec"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/rurban/Cpanel-JSON-XS/commit/dfe1b41a36caba51dc12a2917fe50285d1ffaa7b.patch"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.41/changes"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to Cpanel::JSON::XS 4.41 or later."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-18T00:00:00.000Z",
          "value": "Issue reported."
        },
        {
          "lang": "en",
          "time": "2026-05-27T00:00:00.000Z",
          "value": "Version 4.41 released with fix."
        },
        {
          "lang": "en",
          "time": "2026-05-28T00:00:00.000Z",
          "value": "Fix verified."
        }
      ],
      "title": "Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws",
      "x_generator": {
        "engine": "cpansec-cna-tool 0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    "assignerShortName": "CPANSec",
    "cveId": "CVE-2026-9516",
    "datePublished": "2026-06-03T00:15:51.685Z",
    "dateReserved": "2026-05-25T18:54:26.396Z",
    "dateUpdated": "2026-06-03T15:58:49.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-65116 (GCVE-0-2025-65116)

Vulnerability from cvelistv5 – Published: 2026-04-07 05:43 – Updated: 2026-04-07 13:25
VLAI
Title
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM
Summary
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-763 - Release of invalid pointer or reference
Assigner
Impacted products
Vendor Product Version
Hitachi JP1/IT Desktop Management 2 - Manager Affected: 13-50 , < 13-50-02 (custom)
Affected: 13-11 , < 13-11-04 (custom)
Affected: 13-10 , < 13-10-07 (custom)
Affected: 13-01 , < 13-01-07 (custom)
Affected: 13-00 , < 13-00-05 (custom)
Affected: 12-60 , < 12-60-12 (custom)
Affected: 10-50 , ≤ 12-50-11 (custom)
Create a notification for this product.
Hitachi JP1/IT Desktop Management 2 - Operations Director Affected: 13-50 , < 13-50-02 (custom)
Affected: 13-11 , < 13-11-04 (custom)
Affected: 13-10 , < 13-10-07 (custom)
Affected: 13-01 , < 13-01-07 (custom)
Affected: 13-00 , < 13-00-05 (custom)
Affected: 12-60 , < 12-60-12 (custom)
Affected: 10-50 , ≤ 12-50-11 (custom)
Create a notification for this product.
Hitachi Job Management Partner 1/IT Desktop Management 2 - Manager Affected: 10-50 , ≤ 10-50-11 (custom)
Create a notification for this product.
Hitachi JP1/IT Desktop Management - Manager Affected: 09-50 , ≤ 10-10-16 (custom)
Create a notification for this product.
Hitachi Job Management Partner 1/IT Desktop Management - Manager Affected: 09-50 , ≤ 10-10-16 (custom)
Create a notification for this product.
Hitachi JP1/NETM/DM Manager Affected: 09-00 , ≤ 10-20-02 (custom)
Create a notification for this product.
Hitachi JP1/NETM/DM Client Affected: 09-00 , ≤ 10-20-02 (custom)
Create a notification for this product.
Hitachi Job Management Partner 1/Software Distribution Manager Affected: 09-00 , ≤ 09-51-13 (custom)
Create a notification for this product.
Hitachi Job Management Partner 1/Software Distribution Client Affected: 09-00 , ≤ 09-51-13 (custom)
Create a notification for this product.
Credits
Ruslan Sayfiev Denis Faiustov
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-65116",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-07T13:25:49.919013Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-07T13:25:56.036Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/IT Desktop Management 2 - Manager",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "13-50-02",
                  "status": "unaffected"
                }
              ],
              "lessThan": "13-50-02",
              "status": "affected",
              "version": "13-50",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "13-11-04",
                  "status": "unaffected"
                }
              ],
              "lessThan": "13-11-04",
              "status": "affected",
              "version": "13-11",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "13-10-07",
                  "status": "unaffected"
                }
              ],
              "lessThan": "13-10-07",
              "status": "affected",
              "version": "13-10",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "13-01-07",
                  "status": "unaffected"
                }
              ],
              "lessThan": "13-01-07",
              "status": "affected",
              "version": "13-01",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "13-00-05",
                  "status": "unaffected"
                }
              ],
              "lessThan": "13-00-05",
              "status": "affected",
              "version": "13-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-60-12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-60-12",
              "status": "affected",
              "version": "12-60",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "12-50-11",
              "status": "affected",
              "version": "10-50",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/IT Desktop Management 2 - Operations Director",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "13-50-02",
                  "status": "unaffected"
                }
              ],
              "lessThan": "13-50-02",
              "status": "affected",
              "version": "13-50",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "13-11-04",
                  "status": "unaffected"
                }
              ],
              "lessThan": "13-11-04",
              "status": "affected",
              "version": "13-11",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "13-10-07",
                  "status": "unaffected"
                }
              ],
              "lessThan": "13-10-07",
              "status": "affected",
              "version": "13-10",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "13-01-07",
                  "status": "unaffected"
                }
              ],
              "lessThan": "13-01-07",
              "status": "affected",
              "version": "13-01",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "13-00-05",
                  "status": "unaffected"
                }
              ],
              "lessThan": "13-00-05",
              "status": "affected",
              "version": "13-00",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "12-60-12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12-60-12",
              "status": "affected",
              "version": "12-60",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "12-50-11",
              "status": "affected",
              "version": "10-50",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Job Management Partner 1/IT Desktop Management 2 - Manager",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThanOrEqual": "10-50-11",
              "status": "affected",
              "version": "10-50",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/IT Desktop Management - Manager",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThanOrEqual": "10-10-16",
              "status": "affected",
              "version": "09-50",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Job Management Partner 1/IT Desktop Management - Manager",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThanOrEqual": "10-10-16",
              "status": "affected",
              "version": "09-50",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/NETM/DM Manager",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "10-30",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "10-20-02",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "JP1/NETM/DM Client",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "10-30",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "10-20-02",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Job Management Partner 1/Software Distribution Manager",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThanOrEqual": "09-51-13",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Job Management Partner 1/Software Distribution Client",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThanOrEqual": "09-51-13",
              "status": "affected",
              "version": "09-00",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ruslan Sayfiev"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Denis Faiustov"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.\u003c/p\u003e"
            }
          ],
          "value": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-763",
              "description": "CWE-763 Release of invalid pointer or reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T05:43:25.553Z",
        "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "shortName": "Hitachi"
      },
      "references": [
        {
          "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-118/index.html"
        }
      ],
      "source": {
        "advisory": "hitachi-sec-2026-118",
        "discovery": "EXTERNAL"
      },
      "title": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
    "assignerShortName": "Hitachi",
    "cveId": "CVE-2025-65116",
    "datePublished": "2026-04-07T05:43:25.553Z",
    "dateReserved": "2025-11-18T01:27:41.899Z",
    "dateUpdated": "2026-04-07T13:25:56.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-48768 (GCVE-0-2025-48768)

Vulnerability from cvelistv5 – Published: 2026-01-01 16:14 – Updated: 2026-01-05 20:06
VLAI
Title
Apache NuttX RTOS: fs/inode: fs_inoderemove root inode removal
Summary
Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service. This issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0. Users of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-763 - Release of Invalid Pointer or Reference
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache NuttX RTOS Affected: 10.0.0 , < 12.10.0 (semver)
Create a notification for this product.
Credits
Liu, Richard Jiayang <rjliu3@illinois.edu> Liu, Richard Jiayang <rjliu3@illinois.edu> Alan Carvalho de Assis <acassis@apache.org> Tomek CEDRO <cederom@apache.org> Xiang Xiao <xiaoxiang@apache.org> Jiuzhu Dong <jiuzhudong@apache.org>
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-01-01T17:07:55.346Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/12/31/10"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48768",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-05T20:05:18.959542Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-05T20:06:13.296Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache NuttX RTOS",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "12.10.0",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Liu, Richard Jiayang \u003crjliu3@illinois.edu\u003e"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Liu, Richard Jiayang \u003crjliu3@illinois.edu\u003e"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Alan Carvalho de Assis \u003cacassis@apache.org\u003e"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Tomek CEDRO \u003ccederom@apache.org\u003e"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Xiang Xiao \u003cxiaoxiang@apache.org\u003e"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Jiuzhu Dong \u003cjiuzhudong@apache.org\u003e"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRelease of Invalid Pointer or Reference vulnerability was discovered in\u0026nbsp;fs/inode/fs_inoderemove\u0026nbsp;code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service.\u003c/p\u003e\u003cp\u003eThis issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0.\u003c/p\u003e\u003cp\u003eUsers of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Release of Invalid Pointer or Reference vulnerability was discovered in\u00a0fs/inode/fs_inoderemove\u00a0code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service.\n\nThis issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0.\n\nUsers of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-763",
              "description": "CWE-763 Release of Invalid Pointer or Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-01T16:14:00.837Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/apache/nuttx/pull/16437"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/nwo1kd08b7t3dyz082q2pghdxwvxwyvo"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache NuttX RTOS: fs/inode: fs_inoderemove root inode removal",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-48768",
    "datePublished": "2026-01-01T16:14:00.837Z",
    "dateReserved": "2025-05-26T00:41:34.307Z",
    "dateUpdated": "2026-01-05T20:06:13.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-47329 (GCVE-0-2025-47329)

Vulnerability from cvelistv5 – Published: 2025-09-24 15:33 – Updated: 2026-02-26 17:48
VLAI
Title
Release of Invalid Pointer or Reference in Android Core
Summary
Memory corruption while handling invalid inputs in application info setup.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-763 - Release of Invalid Pointer or Reference
Assigner
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: FastConnect 7800
Affected: QAM8255P
Affected: QAM8775P
Affected: QCA6574
Affected: QCA6574A
Affected: QCA6574AU
Affected: QCA6595
Affected: QCA6595AU
Affected: QCA6696
Affected: QCM6690
Affected: QCS6690
Affected: SA6155P
Affected: SA8155P
Affected: SA8195P
Affected: SA8255P
Affected: SA8770P
Affected: SA8775P
Affected: SA9000P
Affected: Snapdragon 8 Gen 3 Mobile Platform
Affected: Snapdragon AR1 Gen 1 Platform
Affected: Snapdragon AR1 Gen 1 Platform "Luna1"
Affected: Snapdragon W5+ Gen 1 Wearable Platform
Affected: SW5100
Affected: SW5100P
Affected: WCD9380
Affected: WCD9385
Affected: WCD9390
Affected: WCD9395
Affected: WCN6450
Affected: WCN6755
Affected: WCN7861
Affected: WCN7881
Affected: WSA8830
Affected: WSA8832
Affected: WSA8835
Affected: WSA8840
Affected: WSA8845
Affected: WSA8845H
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-47329",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-25T03:55:45.504655Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:48:08.693Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto",
            "Snapdragon Compute",
            "Snapdragon Industrial IOT",
            "Snapdragon Wearables"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "QAM8255P"
            },
            {
              "status": "affected",
              "version": "QAM8775P"
            },
            {
              "status": "affected",
              "version": "QCA6574"
            },
            {
              "status": "affected",
              "version": "QCA6574A"
            },
            {
              "status": "affected",
              "version": "QCA6574AU"
            },
            {
              "status": "affected",
              "version": "QCA6595"
            },
            {
              "status": "affected",
              "version": "QCA6595AU"
            },
            {
              "status": "affected",
              "version": "QCA6696"
            },
            {
              "status": "affected",
              "version": "QCM6690"
            },
            {
              "status": "affected",
              "version": "QCS6690"
            },
            {
              "status": "affected",
              "version": "SA6155P"
            },
            {
              "status": "affected",
              "version": "SA8155P"
            },
            {
              "status": "affected",
              "version": "SA8195P"
            },
            {
              "status": "affected",
              "version": "SA8255P"
            },
            {
              "status": "affected",
              "version": "SA8770P"
            },
            {
              "status": "affected",
              "version": "SA8775P"
            },
            {
              "status": "affected",
              "version": "SA9000P"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 3 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
            },
            {
              "status": "affected",
              "version": "Snapdragon W5+ Gen 1 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "SW5100"
            },
            {
              "status": "affected",
              "version": "SW5100P"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WCD9390"
            },
            {
              "status": "affected",
              "version": "WCD9395"
            },
            {
              "status": "affected",
              "version": "WCN6450"
            },
            {
              "status": "affected",
              "version": "WCN6755"
            },
            {
              "status": "affected",
              "version": "WCN7861"
            },
            {
              "status": "affected",
              "version": "WCN7881"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8832"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            },
            {
              "status": "affected",
              "version": "WSA8840"
            },
            {
              "status": "affected",
              "version": "WSA8845"
            },
            {
              "status": "affected",
              "version": "WSA8845H"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption while handling invalid inputs in application info setup."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-763",
              "description": "CWE-763: Release of Invalid Pointer or Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-24T15:33:56.356Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html"
        }
      ],
      "title": "Release of Invalid Pointer or Reference in Android Core"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2025-47329",
    "datePublished": "2025-09-24T15:33:56.356Z",
    "dateReserved": "2025-05-06T08:33:16.261Z",
    "dateUpdated": "2026-02-26T17:48:08.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-30379 (GCVE-0-2025-30379)

Vulnerability from cvelistv5 – Published: 2025-05-13 16:58 – Updated: 2026-02-13 19:21
VLAI
Title
Microsoft Excel Remote Code Execution Vulnerability
Summary
Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-763 - Release of Invalid Pointer or Reference
Assigner
References
Impacted products
Vendor Product Version
Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Create a notification for this product.
Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5500.1000 (custom)
Create a notification for this product.
Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Create a notification for this product.
Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Create a notification for this product.
Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Create a notification for this product.
Microsoft Microsoft Office LTSC for Mac 2021 Affected: 16.0.1 , < 16.97.25042725 (custom)
Create a notification for this product.
Microsoft Microsoft Office LTSC for Mac 2024 Affected: 16.0.0 , < 16.97.25042725 (custom)
Create a notification for this product.
Microsoft Office Online Server Affected: 16.0.0.0 , < 16.0.10417.20010 (custom)
Create a notification for this product.
Date Public
2025-05-13 07:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30379",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-13T18:21:23.418123Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T18:21:31.261Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Excel 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5500.1000",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.97.25042725",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.97.25042725",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Office Online Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10417.20010",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                  "versionEndExcluding": "16.0.10417.20010",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.97.25042725",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.97.25042725",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "16.0.5500.1000",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-763",
              "description": "CWE-763: Release of Invalid Pointer or Reference",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T19:21:02.150Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Excel Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30379"
        }
      ],
      "title": "Microsoft Excel Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-30379",
    "datePublished": "2025-05-13T16:58:41.975Z",
    "dateReserved": "2025-03-21T19:09:29.814Z",
    "dateUpdated": "2026-02-13T19:21:02.150Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-25215 (GCVE-0-2025-25215)

Vulnerability from cvelistv5 – Published: 2025-06-13 21:26 – Updated: 2025-11-03 19:44
VLAI
Title
Dell ControlVault3/ControlVault3 Plus cv_close arbitrary free vulnerability
Summary
An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-763 - Release of Invalid Pointer or Reference
Assigner
Impacted products
Credits
Discovered by Philippe Laulheret of Cisco Talos.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-25215",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-17T18:13:19.069921Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T18:13:30.525Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:44:58.322Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2129"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BCM5820X",
          "vendor": "Broadcom",
          "versions": [
            {
              "status": "affected",
              "version": "NA"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ControlVault3",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "5.15.10.14",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ControlVault3 Plus",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "6.2.26.36",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Discovered by Philippe Laulheret of Cisco Talos."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An arbitrary free vulnerability exists in the cv_close functionality of \nDell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call \ncan lead to an arbitrary free. An attacker can forge a fake session to \ntrigger this vulnerability."
            }
          ],
          "value": "An arbitrary free vulnerability exists in the cv_close functionality of \nDell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call \ncan lead to an arbitrary free. An attacker can forge a fake session to \ntrigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-763",
              "description": "CWE-763 Release of Invalid Pointer or Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-13T22:01:31.275Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Dell ControlVault3/ControlVault3 Plus cv_close arbitrary free vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2025-25215",
    "datePublished": "2025-06-13T21:26:58.869Z",
    "dateReserved": "2025-02-06T16:31:13.879Z",
    "dateUpdated": "2025-11-03T19:44:58.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14233 (GCVE-0-2025-14233)

Vulnerability from cvelistv5 – Published: 2026-01-15 23:37 – Updated: 2026-02-26 15:04
VLAI
Summary
Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-763 - Release of Invalid Pointer or Reference
Assigner
Impacted products
Vendor Product Version
Canon Inc. Satera LBP670C Series Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. Satera MF750C Series Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. Color imageCLASS LBP630C Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. Color imageCLASS MF650C Series Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. imageCLASS LBP230 Series Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. imageCLASS X LBP1238 II Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. imageCLASS MF450 Series Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. imageCLASS X MF1238 II Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. imageCLASS X MF1643i II Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. imageCLASS X MF1643iF II Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. i-SENSYS LBP630C Series Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. i-SENSYS MF650C Series Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. i-SENSYS LBP230 Series Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. 1238P II Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. 1238Pr II Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. i-SENSYS MF450 Series Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. i-SENSYS MF550 Series Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. 1238i II Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. 1238iF II Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. imageRUNNER 1643i II Affected: 06.02 and earlier
Create a notification for this product.
Canon Inc. imageRUNNER 1643iF II Affected: 06.02 and earlier
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14233",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-17T04:55:17.853082Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:05.546Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Satera LBP670C Series",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "Satera MF750C Series",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "Color imageCLASS LBP630C",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "Color imageCLASS MF650C Series",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "imageCLASS LBP230 Series",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "imageCLASS X LBP1238 II",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "imageCLASS MF450 Series",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "imageCLASS X MF1238 II",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "imageCLASS X MF1643i II",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "imageCLASS X MF1643iF II",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "i-SENSYS LBP630C Series",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "i-SENSYS MF650C Series",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "i-SENSYS LBP230 Series",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "1238P II",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "1238Pr II",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "i-SENSYS MF450 Series",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "i-SENSYS MF550 Series",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "1238i II",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "1238iF II",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "imageRUNNER 1643i II",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        },
        {
          "product": "imageRUNNER 1643iF II",
          "vendor": "Canon Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "06.02 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eInvalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.\u003c/p\u003e"
            }
          ],
          "value": "Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-763",
              "description": "CWE-763: Release of Invalid Pointer or Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T23:37:29.921Z",
        "orgId": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
        "shortName": "Canon"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.canon/advisory-information/cp2026-001/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://canon.jp/support/support-info/260115vulnerability-response"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Remediation-Measure-Against-Potential-Buffer-Overflow-Vulnerability-in-Laser-Printers-and-Small-Office-Multifunctional-Printers"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.canon-europe.com/support/product-security/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
    "assignerShortName": "Canon",
    "cveId": "CVE-2025-14233",
    "datePublished": "2026-01-15T23:37:29.921Z",
    "dateReserved": "2025-12-07T23:53:35.177Z",
    "dateUpdated": "2026-02-26T15:04:05.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Implementation

Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().

Mitigation
Implementation

When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory.

Mitigation MIT-4.6
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, glibc in Linux provides protection against free of invalid pointers.
Mitigation
Architecture and Design

Use a language that provides abstractions for memory allocation and deallocation.

No CAPEC attack patterns related to this CWE.