CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2020-36855 (GCVE-0-2020-36855)
Vulnerability from cvelistv5 – Published: 2025-10-21 15:02 – Updated: 2025-10-21 15:23
VLAI
Title
DCMTK dcmqrscp parseQuota stack-based overflow
Summary
A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component.
Severity
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.329028 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.329028 | signaturepermissions-required |
| https://vuldb.com/?submit.673137 | third-party-advisory |
| https://shimo.im/docs/rp3OMVMDPKtjn0km/ | exploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36855",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T15:23:22.095138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T15:23:26.003Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://shimo.im/docs/rp3OMVMDPKtjn0km/read"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"dcmqrscp"
],
"product": "DCMTK",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.6.0"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.6.4"
},
{
"status": "affected",
"version": "3.6.5"
},
{
"status": "unaffected",
"version": "3.6.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zh_vul (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in DCMTK up to 3.6.5 gefunden. Hiervon betroffen ist die Funktion parseQuota der Komponente dcmqrscp. Dank der Manipulation des Arguments StorageQuota mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Ein Aktualisieren auf die Version 3.6.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 0fef9f02e bezeichnet. Ein Upgrade der betroffenen Komponente wird empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T15:02:09.082Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329028 | DCMTK dcmqrscp parseQuota stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.329028"
},
{
"name": "VDB-329028 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329028"
},
{
"name": "Submit #673137 | DCMTK GitHub Repository DCMTK 3.6.5 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.673137"
},
{
"tags": [
"exploit"
],
"url": "https://shimo.im/docs/rp3OMVMDPKtjn0km/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-19T12:32:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "DCMTK dcmqrscp parseQuota stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2020-36855",
"datePublished": "2025-10-21T15:02:09.082Z",
"dateReserved": "2025-10-19T10:27:07.409Z",
"dateUpdated": "2025-10-21T15:23:26.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36961 (GCVE-0-2020-36961)
Vulnerability from cvelistv5 – Published: 2026-01-28 17:35 – Updated: 2026-03-05 01:27
VLAI
Title
10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)
Summary
10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception handling that allows remote attackers to execute arbitrary code. Attackers can craft a malicious file with 209 bytes of padding and a specially constructed Structured Exception Handler to trigger code execution.
Severity
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49134 | exploit |
| https://www.10-strike.com | product |
| https://www.vulncheck.com/advisories/strike-netwo… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| 10-Strike Software | Network Inventory Explorer |
Affected:
8.65
|
Date Public
2020-09-02 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T20:01:38.866857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T18:13:07.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Network Inventory Explorer",
"vendor": "10-Strike Software",
"versions": [
{
"status": "affected",
"version": "8.65"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10-strike:network_inventory_explorer:8.65:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sectechs"
}
],
"datePublic": "2020-09-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception handling that allows remote attackers to execute arbitrary code. Attackers can craft a malicious file with 209 bytes of padding and a specially constructed Structured Exception Handler to trigger code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:27:10.492Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49134",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49134"
},
{
"name": "10-Strike Network Inventory Explorer Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.10-strike.com"
},
{
"name": "VulnCheck Advisory: 10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/strike-network-inventory-explorer-buffer-overflow-seh"
}
],
"title": "10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36961",
"datePublished": "2026-01-28T17:35:07.852Z",
"dateReserved": "2026-01-26T14:18:25.795Z",
"dateUpdated": "2026-03-05T01:27:10.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36965 (GCVE-0-2020-36965)
Vulnerability from cvelistv5 – Published: 2026-01-28 17:35 – Updated: 2026-01-29 18:12
VLAI
Title
docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)
Summary
docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler (SEH) overwrite to execute shellcode and gain remote system access.
Severity
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49100 | exploit |
| http://www.verypdf.com | product |
| https://www.vulncheck.com/advisories/docprint-pro… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VeryPDF.com, Inc. | docPrint Pro |
Affected:
8.0
|
Date Public
2020-07-26 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36965",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T18:59:26.010606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T18:12:24.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49100"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "docPrint Pro",
"vendor": "VeryPDF.com, Inc.",
"versions": [
{
"status": "affected",
"version": "8.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "MasterVlad"
}
],
"datePublic": "2020-07-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "docPrint Pro 8.0 contains a local buffer overflow vulnerability in the \u0027Add URL\u0027 input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler (SEH) overwrite to execute shellcode and gain remote system access."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T17:35:09.476Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49100",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49100"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "http://www.verypdf.com"
},
{
"name": "VulnCheck Advisory: docPrint Pro 8.0 - \u0027Add URL\u0027 Buffer Overflow (SEH Egghunter)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/docprint-pro-add-url-buffer-overflow-seh-egghunter"
}
],
"title": "docPrint Pro 8.0 - \u0027Add URL\u0027 Buffer Overflow (SEH Egghunter)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36965",
"datePublished": "2026-01-28T17:35:09.476Z",
"dateReserved": "2026-01-27T15:47:07.998Z",
"dateUpdated": "2026-01-29T18:12:24.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36967 (GCVE-0-2020-36967)
Vulnerability from cvelistv5 – Published: 2026-01-28 17:35 – Updated: 2026-04-07 14:05
VLAI
Title
Zortam Mp3 Media Studio 27.60 - Remote Code Execution (SEH)
Summary
Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SEH) overwrite and execute arbitrary commands on the target system.
Severity
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49084 | exploit |
| https://www.zortam.com/index.html | product |
| https://www.zortam.com/download.html | product |
| https://www.vulncheck.com/advisories/zortam-mp-me… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Zortam.com | Zortam Mp3 Media Studio |
Affected:
27.60
|
Date Public
2020-11-20 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36967",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T18:59:15.410183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T18:12:14.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49084"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Zortam Mp3 Media Studio",
"vendor": "Zortam.com",
"versions": [
{
"status": "affected",
"version": "27.60"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vincent Wolterman"
}
],
"datePublic": "2020-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SEH) overwrite and execute arbitrary commands on the target system."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:05:11.065Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49084",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49084"
},
{
"name": "Zortam Official Homepage",
"tags": [
"product"
],
"url": "https://www.zortam.com/index.html"
},
{
"name": "Zortam Software Download Page",
"tags": [
"product"
],
"url": "https://www.zortam.com/download.html"
},
{
"name": "VulnCheck Advisory: Zortam Mp3 Media Studio 27.60 - Remote Code Execution (SEH)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/zortam-mp-media-studio-remote-code-execution-seh"
}
],
"title": "Zortam Mp3 Media Studio 27.60 - Remote Code Execution (SEH)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36967",
"datePublished": "2026-01-28T17:35:09.892Z",
"dateReserved": "2026-01-27T15:47:07.998Z",
"dateUpdated": "2026-04-07T14:05:11.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36971 (GCVE-0-2020-36971)
Vulnerability from cvelistv5 – Published: 2026-01-28 17:35 – Updated: 2026-01-28 21:20
VLAI
Title
Nidesoft 3GP Video Converter 2.6.18 - Local Stack Buffer Overflow
Summary
Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system.
Severity
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49034 | exploit |
| https://nidesoft-3gp-video-converter.software.inf… | product |
| https://www.vulncheck.com/advisories/nidesoft-gp-… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nidesoft | Nidesoft 3GP Video Converter |
Affected:
2.6.18
|
Date Public
2020-07-30 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36971",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T18:58:31.902874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T21:20:44.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49034"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nidesoft 3GP Video Converter",
"vendor": "Nidesoft",
"versions": [
{
"status": "affected",
"version": "2.6.18"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felipe Winsnes"
}
],
"datePublic": "2020-07-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the \u0027License Code\u0027 field to execute arbitrary code on the system."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T17:35:11.554Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49034",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49034"
},
{
"name": "Archived Software Repository",
"tags": [
"product"
],
"url": "https://nidesoft-3gp-video-converter.software.informer.com/2.6/"
},
{
"name": "VulnCheck Advisory: Nidesoft 3GP Video Converter 2.6.18 - Local Stack Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/nidesoft-gp-video-converter-local-stack-buffer-overflow"
}
],
"title": "Nidesoft 3GP Video Converter 2.6.18 - Local Stack Buffer Overflow",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36971",
"datePublished": "2026-01-28T17:35:11.554Z",
"dateReserved": "2026-01-27T15:47:07.998Z",
"dateUpdated": "2026-01-28T21:20:44.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36997 (GCVE-0-2020-36997)
Vulnerability from cvelistv5 – Published: 2026-01-29 14:28 – Updated: 2026-05-12 20:46
VLAI
Title
BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH)
Summary
BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler (SEH) chain through malicious file import. Attackers can craft a specially designed payload file to overwrite SEH addresses, potentially executing arbitrary code and gaining control of the application.
Severity
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48726 | exploit |
| http://www.dummysoftware.com | product |
| http://www.dummysoftware.com/backlinkspeed.html | product |
| https://www.vulncheck.com/advisories/backlinkspee… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dummysoftware | BacklinkSpeed |
Affected:
2.4
|
Date Public
2020-08-01 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36997",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T16:21:48.357527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T16:22:27.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BacklinkSpeed",
"vendor": "Dummysoftware",
"versions": [
{
"status": "affected",
"version": "2.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Saeed reza Zamanian"
}
],
"datePublic": "2020-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler (SEH) chain through malicious file import. Attackers can craft a specially designed payload file to overwrite SEH addresses, potentially executing arbitrary code and gaining control of the application."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T20:46:19.671Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48726",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48726"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "http://www.dummysoftware.com"
},
{
"name": "Software Download Page",
"tags": [
"product"
],
"url": "http://www.dummysoftware.com/backlinkspeed.html"
},
{
"name": "VulnCheck Advisory: BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/backlinkspeed-buffer-overflow-poc-seh"
}
],
"title": "BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36997",
"datePublished": "2026-01-29T14:28:26.713Z",
"dateReserved": "2026-01-27T15:47:08.000Z",
"dateUpdated": "2026-05-12T20:46:19.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-37000 (GCVE-0-2020-37000)
Vulnerability from cvelistv5 – Published: 2026-01-29 14:28 – Updated: 2026-05-12 20:46
VLAI
Title
Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)
Summary
Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with oversized payload. Attackers can leverage a specially crafted exploit file with shellcode, SEH bypass, and egghunter technique to achieve remote code execution on vulnerable Windows systems.
Severity
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48696 | exploit |
| https://www.cleanersoft.com | product |
| https://www.vulncheck.com/advisories/free-mp-cd-r… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cleanersoft Software | Free MP3 CD Ripper |
Affected:
2.8 Build 20140611
|
Date Public
2020-07-22 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37000",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T16:16:43.404522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T16:17:15.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Free MP3 CD Ripper",
"vendor": "Cleanersoft Software",
"versions": [
{
"status": "affected",
"version": "2.8 Build 20140611"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Eduard Palisek"
}
],
"datePublic": "2020-07-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with oversized payload. Attackers can leverage a specially crafted exploit file with shellcode, SEH bypass, and egghunter technique to achieve remote code execution on vulnerable Windows systems."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T20:46:20.766Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48696",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48696"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.cleanersoft.com"
},
{
"name": "VulnCheck Advisory: Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/free-mp-cd-ripper-stack-buffer-overflow-seh-egghunter"
}
],
"title": "Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37000",
"datePublished": "2026-01-29T14:28:27.444Z",
"dateReserved": "2026-01-27T15:47:08.000Z",
"dateUpdated": "2026-05-12T20:46:20.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-37001 (GCVE-0-2020-37001)
Vulnerability from cvelistv5 – Published: 2026-01-29 14:28 – Updated: 2026-05-12 20:46
VLAI
Title
Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)
Summary
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler (SEH) and uses an egghunter technique to execute a reverse shell payload.
Severity
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48688 | exploit |
| https://web.archive.org/web/20171116000613/http:/… | product |
| https://www.vulncheck.com/advisories/frigate-prof… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Frigate3 | Frigate Professional |
Affected:
3.36.0.9
|
Date Public
2020-07-24 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37001",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T16:10:03.811811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T16:12:15.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Frigate Professional",
"vendor": "Frigate3",
"versions": [
{
"status": "affected",
"version": "3.36.0.9"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frigate:frigate:3.36.0.9:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "MasterVlad"
}
],
"datePublic": "2020-07-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the \u0027Archive To\u0027 input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler (SEH) and uses an egghunter technique to execute a reverse shell payload."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T20:46:21.499Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48688",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48688"
},
{
"name": "Archived Vendor Homepage",
"tags": [
"product"
],
"url": "https://web.archive.org/web/20171116000613/http://www.frigate3.com/index.php"
},
{
"name": "VulnCheck Advisory: Frigate Professional 3.36.0.9 - \u0027Pack File\u0027 Buffer Overflow (SEH Egghunter)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/frigate-professional-pack-file-buffer-overflow-seh-egghunter"
}
],
"title": "Frigate Professional 3.36.0.9 - \u0027Pack File\u0027 Buffer Overflow (SEH Egghunter)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37001",
"datePublished": "2026-01-29T14:28:27.807Z",
"dateReserved": "2026-01-27T15:47:08.000Z",
"dateUpdated": "2026-05-12T20:46:21.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-37013 (GCVE-0-2020-37013)
Vulnerability from cvelistv5 – Published: 2026-01-29 14:28 – Updated: 2026-05-12 20:46
VLAI
Title
Audio Playback Recorder 3.2.2 - Local Buffer Overflow (SEH)
Summary
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) to execute shellcode when pasting specially crafted input into the application's input fields.
Severity
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48796 | exploit |
| https://web.archive.org/web/20210105222148/https:… | exploit |
| https://archive.org/details/tucows_288670_Audio_P… | product |
| https://www.vulncheck.com/advisories/audio-playba… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tucows Inc. | Audio Playback Recorder |
Affected:
3.2.2
|
Date Public
2020-09-08 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37013",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T15:49:22.783188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T16:48:09.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48796"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Audio Playback Recorder",
"vendor": "Tucows Inc.",
"versions": [
{
"status": "affected",
"version": "3.2.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felipe Winsnes"
}
],
"datePublic": "2020-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) to execute shellcode when pasting specially crafted input into the application\u0027s input fields."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T20:46:26.754Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48796",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48796"
},
{
"name": "Archived Researcher Proof of Concept Video",
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20210105222148/https://whitecr0wz.github.io/assets/img/Findings11/11-proof.gif"
},
{
"name": "Product Software Archive",
"tags": [
"product"
],
"url": "https://archive.org/details/tucows_288670_Audio_Playback_Recorder"
},
{
"name": "VulnCheck Advisory: Audio Playback Recorder 3.2.2 - Local Buffer Overflow (SEH)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/audio-playback-recorder-local-buffer-overflow-seh"
}
],
"title": "Audio Playback Recorder 3.2.2 - Local Buffer Overflow (SEH)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37013",
"datePublished": "2026-01-29T14:28:31.891Z",
"dateReserved": "2026-01-28T18:18:30.521Z",
"dateUpdated": "2026-05-12T20:46:26.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-37066 (GCVE-0-2020-37066)
Vulnerability from cvelistv5 – Published: 2026-02-03 22:01 – Updated: 2026-02-04 20:54
VLAI
Title
GoldWave 5.70 – Buffer Overflow (SEH Unicode)
Summary
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute commands when the file is opened.
Severity
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48510 | exploit |
| https://www.goldwave.com/ | product |
| https://www.vulncheck.com/advisories/goldwave-buf… | third-party-advisory |
Date Public
2020-05-14 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37066",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T20:54:30.688297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T20:54:41.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GoldWave",
"vendor": "GoldWave",
"versions": [
{
"status": "affected",
"version": "5.70"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andy Bowden"
}
],
"datePublic": "2020-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute commands when the file is opened."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T22:01:37.788Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48510",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48510"
},
{
"name": "Official Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.goldwave.com/"
},
{
"name": "VulnCheck Advisory: GoldWave 5.70 \u2013 Buffer Overflow (SEH Unicode)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/goldwave-buffer-overflow-seh-unicode"
}
],
"title": "GoldWave 5.70 \u2013 Buffer Overflow (SEH Unicode)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37066",
"datePublished": "2026-02-03T22:01:37.788Z",
"dateReserved": "2026-02-01T13:16:06.483Z",
"dateUpdated": "2026-02-04T20:54:41.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Phase: Architecture and Design
Description:
- Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Phase: Implementation
Description:
- Implement and perform bounds checking on input.
Mitigation
Phase: Implementation
Description:
- Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.