Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CVE-2024-0149 (GCVE-0-2024-0149)
Vulnerability from cvelistv5 – Published: 2025-01-28 04:04 – Updated: 2025-03-27 20:03
VLAI
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might lead to limited information disclosure.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | NVIDIA GPU Display Driver, vGPU software |
Affected:
R535, R550
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T15:15:48.771372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:15:52.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-27T20:03:01.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/27/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVIDIA GPU Display Driver, vGPU software",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "R535, R550"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might lead to limited information disclosure.\u003c/span\u003e"
}
],
"value": "NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might lead to limited information disclosure."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T04:04:19.542Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5614"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0149",
"datePublished": "2025-01-28T04:04:19.542Z",
"dateReserved": "2023-12-02T00:43:00.230Z",
"dateUpdated": "2025-03-27T20:03:01.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0207 (GCVE-0-2024-0207)
Vulnerability from cvelistv5 – Published: 2024-01-03 07:31 – Updated: 2026-03-27 13:56
VLAI
Title
Out-of-bounds Read in Wireshark
Summary
HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.2.0 , < 4.2.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:15.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2024-03.html"
},
{
"name": "GitLab Issue #19502",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19502"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0207",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-08T20:42:54.965767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:29:08.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.2.1",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dexter Gerig"
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:56.446Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2024-03.html"
},
{
"name": "GitLab Issue #19502",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19502"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 4.2.0 or above."
}
],
"title": "Out-of-bounds Read in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2024-0207",
"datePublished": "2024-01-03T07:31:10.632Z",
"dateReserved": "2024-01-03T07:30:45.767Z",
"dateUpdated": "2026-03-27T13:56:56.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0322 (GCVE-0-2024-0322)
Vulnerability from cvelistv5 – Published: 2024-01-08 12:38 – Updated: 2025-06-03 14:37
VLAI
Title
Out-of-bounds Read in gpac/gpac
Summary
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
Severity
4.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:48.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0322",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T20:12:03.505158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:37:57.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gpac/gpac",
"vendor": "gpac",
"versions": [
{
"lessThan": "2.3-DEV",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-08T12:38:35.128Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec"
},
{
"url": "https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70"
}
],
"source": {
"advisory": "87611fc9-ed7c-43e9-8e52-d83cd270bbec",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in gpac/gpac"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-0322",
"datePublished": "2024-01-08T12:38:35.128Z",
"dateReserved": "2024-01-08T12:38:05.505Z",
"dateUpdated": "2025-06-03T14:37:57.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10387 (GCVE-0-2024-10387)
Vulnerability from cvelistv5 – Published: 2024-10-25 17:04 – Updated: 2024-10-25 20:14
VLAI
Title
Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability
Summary
CVE-2024-10387 IMPACT
A Denial-of-Service
vulnerability exists in the affected product. The vulnerability could allow a
threat actor with network access to send crafted messages to the device,
potentially resulting in Denial-of-Service.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | FactoryTalk ThinManager |
Affected:
11.2.0-11.2.9
Affected: 12.0.0-12.0.7 Affected: 12.1.0-12.1.8 Affected: 13.0.0-13.0.5 Affected: 13.1.0-13.1.3 Affected: 13.2.0-13.2.2 Affected: 14.0.0 |
|
| rockwellautomation | thinmanager |
Affected:
11.2.0 , ≤ 11.2.9
(custom)
Affected: 12.0.0 , ≤ 12.0.7 (custom) Affected: 12.1.0 , ≤ 12.1.8 (custom) Affected: 13.0.0 , ≤ 13.0.5 (custom) Affected: 13.1.0 , ≤ 13.1.3 (custom) Affected: 13.2.0 , ≤ 13.2.2 (custom) Affected: 14.0.0 cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:* |
Date Public
2024-10-25 17:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThanOrEqual": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.0.5",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.1.3",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T20:10:20.475990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T20:14:03.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FactoryTalk ThinManager",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.2.0-11.2.9"
},
{
"status": "affected",
"version": "12.0.0-12.0.7"
},
{
"status": "affected",
"version": "12.1.0-12.1.8"
},
{
"status": "affected",
"version": "13.0.0-13.0.5"
},
{
"status": "affected",
"version": "13.1.0-13.1.3"
},
{
"status": "affected",
"version": "13.2.0-13.2.2"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Tenable Network Security"
}
],
"datePublic": "2024-10-25T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cb\u003e\u003cu\u003eCVE-2024-10387 IMPACT\u003c/u\u003e\u003c/b\u003e\u003cu\u003e\u003c/u\u003e\u003c/p\u003e\n\n\u003cp\u003eA Denial-of-Service\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device,\npotentially resulting in Denial-of-Service.\u003c/p\u003e"
}
],
"value": "CVE-2024-10387 IMPACT\n\n\n\nA Denial-of-Service\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device,\npotentially resulting in Denial-of-Service."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T17:04:36.334Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: var(--wht);\"\u003eIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003e11.2.10\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.0.8\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.1.9\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e13.0.6 \u003c/p\u003e\n\n\n\n\u003cp\u003e13.1.4 \u003c/p\u003e\n\n\n\n\u003cp\u003e13.2.3 \u003c/p\u003e\n\n\n\n\u003cp\u003e14.0.1\u003c/p\u003e\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "If able,\nnavigate to the ThinManager\u00ae download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n11.2.10\n\n\n\n\n\n12.0.8\n\n\n\n\n\n12.1.9\n\n\n\n\n\n13.0.6 \n\n\n\n\n\n13.1.4 \n\n\n\n\n\n13.2.3 \n\n\n\n\n\n14.0.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\u003c/p\u003e\u003cp\u003eImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\u003c/p\u003e\n\n\n\n\u003cp\u003eFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best\npractices\u003c/a\u003e to\nminimize the risk of the vulnerability.\u003c/p\u003e"
}
],
"value": "If able,\nnavigate to the ThinManager\u00ae download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager\u00ae\n\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\n\n\n\n\n\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested security best\npractices to\nminimize the risk of the vulnerability."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-10387",
"datePublished": "2024-10-25T17:04:36.334Z",
"dateReserved": "2024-10-25T12:38:30.428Z",
"dateUpdated": "2024-10-25T20:14:03.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11131 (GCVE-0-2024-11131)
Vulnerability from cvelistv5 – Published: 2025-03-19 02:15 – Updated: 2025-03-19 14:04
VLAI
Summary
A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.synology.com/en-global/security/advis… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Synology | Camera Firmware |
Affected:
1.1 , < 1.2.0-0525
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T14:04:31.754198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T14:04:50.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"BC500",
"CC400W",
"TC500"
],
"product": "Camera Firmware",
"vendor": "Synology",
"versions": [
{
"lessThan": "1.2.0-0525",
"status": "affected",
"version": "1.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Viettel Cyber Security (@vcslab)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T02:15:27.507Z",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"name": "Synology-SA-24:24 Synology Camera (PWN2OWN 2024)",
"tags": [
"vendor-advisory"
],
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_24"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2024-11131",
"datePublished": "2025-03-19T02:15:27.507Z",
"dateReserved": "2024-11-12T08:55:41.039Z",
"dateUpdated": "2025-03-19T14:04:50.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11268 (GCVE-0-2024-11268)
Vulnerability from cvelistv5 – Published: 2024-12-09 17:42 – Updated: 2025-08-26 16:51
VLAI
Title
PDF File Parsing Vulnerability in Autodesk Revit
Summary
A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T18:07:50.635674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T18:07:57.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Revit",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3.1",
"status": "affected",
"version": "2024",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T16:51:06.761Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0024"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PDF File Parsing Vulnerability in Autodesk Revit",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-11268",
"datePublished": "2024-12-09T17:42:15.362Z",
"dateReserved": "2024-11-15T17:53:44.142Z",
"dateUpdated": "2025-08-26T16:51:06.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1140 (GCVE-0-2024-1140)
Vulnerability from cvelistv5 – Published: 2024-02-13 15:05 – Updated: 2025-05-19 16:41
VLAI
Title
Twister Antivirus v8.17 - Out-of-bounds Read
Summary
Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://fluidattacks.com/advisories/fitzgerald/ | third-party-advisory |
| http://www.filseclab.com/en-us/products/twister.htm | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Filseclab | Twister Antivirus |
Affected:
8.17
|
Date Public
2024-02-06 17:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/fitzgerald/"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "http://www.filseclab.com/en-us/products/twister.htm"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T19:08:33.459602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T19:09:05.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Twister Antivirus",
"vendor": "Filseclab",
"versions": [
{
"status": "affected",
"version": "8.17"
}
]
}
],
"datePublic": "2024-02-06T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver."
}
],
"value": "Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver."
}
],
"impacts": [
{
"capecId": "CAPEC-540",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-540 Overread Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T16:41:25.346Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://fluidattacks.com/advisories/fitzgerald/"
},
{
"tags": [
"product"
],
"url": "http://www.filseclab.com/en-us/products/twister.htm"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Twister Antivirus v8.17 - Out-of-bounds Read",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2024-1140",
"datePublished": "2024-02-13T15:05:22.732Z",
"dateReserved": "2024-01-31T22:23:11.905Z",
"dateUpdated": "2025-05-19T16:41:25.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11403 (GCVE-0-2024-11403)
Vulnerability from cvelistv5 – Published: 2024-11-25 13:08 – Updated: 2024-11-25 13:54
VLAI
Title
Out of Bounds Memory Read/Write in libjxl
Summary
There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check bounds in the presence of incomplete codes. This could lead to an out-of-bounds write. In jpegli which is released as part of the same project, the same vulnerability is present. However, the relevant buffer is part of a bigger structure, and the code makes no assumptions on the values that could be overwritten. The issue could however cause jpegli to read uninitialised memory, or addresses of functions.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| libjxl | libjxl |
Affected:
0.11.0 , < 9cc451b91b74ba470fd72bd48c121e9f33d24c99
(custom)
Affected: 0.10.0-2 , < 9cc451b91b74ba470fd72bd48c121e9f33d24c99 (custom) Affected: 0.9.0-3 , < 9cc451b91b74ba470fd72bd48c121e9f33d24c99 (custom) Affected: 0.8.0-3 , < 9cc451b91b74ba470fd72bd48c121e9f33d24c99 (custom) Affected: 0.7.0-1 , < 9cc451b91b74ba470fd72bd48c121e9f33d24c99 (custom) |
Date Public
2024-10-02 22:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T13:54:20.424817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T13:54:29.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/libjxl/libjxl/",
"defaultStatus": "unaffected",
"product": "libjxl",
"programFiles": [
"lib/jxl/jpeg/enc_jpeg_huffman_decode.h"
],
"repo": "https://github.com/libjxl/libjxl/",
"vendor": "libjxl",
"versions": [
{
"lessThan": "9cc451b91b74ba470fd72bd48c121e9f33d24c99",
"status": "affected",
"version": "0.11.0",
"versionType": "custom"
},
{
"lessThan": "9cc451b91b74ba470fd72bd48c121e9f33d24c99",
"status": "affected",
"version": "0.10.0-2",
"versionType": "custom"
},
{
"lessThan": "9cc451b91b74ba470fd72bd48c121e9f33d24c99",
"status": "affected",
"version": "0.9.0-3",
"versionType": "custom"
},
{
"lessThan": "9cc451b91b74ba470fd72bd48c121e9f33d24c99",
"status": "affected",
"version": "0.8.0-3",
"versionType": "custom"
},
{
"lessThan": "9cc451b91b74ba470fd72bd48c121e9f33d24c99",
"status": "affected",
"version": "0.7.0-1",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-10-02T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There exists an out of bounds read/write in LibJXL versions prior to commit\u0026nbsp;9cc451b91b74ba470fd72bd48c121e9f33d24c99. T\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ehe JPEG decoder used by the JPEG XL \u003c/span\u003e\u003cem\u003eencoder\u003c/em\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check bounds in the presence of incomplete codes. This could lead to an out-of-bounds write. In jpegli which is released as part of the same project, the same vulnerability is present. However, the relevant buffer is part of a bigger structure, and the code makes no assumptions on the values that could be overwritten. The issue could however cause jpegli to read uninitialised memory, or addresses of functions.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There exists an out of bounds read/write in LibJXL versions prior to commit\u00a09cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder\u00a0when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check bounds in the presence of incomplete codes. This could lead to an out-of-bounds write. In jpegli which is released as part of the same project, the same vulnerability is present. However, the relevant buffer is part of a bigger structure, and the code makes no assumptions on the values that could be overwritten. The issue could however cause jpegli to read uninitialised memory, or addresses of functions."
}
],
"impacts": [
{
"capecId": "CAPEC-540",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-540 Overread Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T13:08:38.280Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/libjxl/libjxl/commit/9cc451b91b74ba470fd72bd48c121e9f33d24c99"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out of Bounds Memory Read/Write in libjxl",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2024-11403",
"datePublished": "2024-11-25T13:08:38.280Z",
"dateReserved": "2024-11-19T11:20:39.008Z",
"dateUpdated": "2024-11-25T13:54:29.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11506 (GCVE-0-2024-11506)
Vulnerability from cvelistv5 – Published: 2024-11-22 20:50 – Updated: 2024-11-22 21:35
VLAI
Title
IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Summary
IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22169.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
Date Public
2024-11-21 20:51
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:irfanview:irfanview:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "irfanview",
"vendor": "irfanview",
"versions": [
{
"lessThan": "4.70",
"status": "affected",
"version": "4.62",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T21:18:24.464317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:35:45.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "IrfanView",
"vendor": "IrfanView",
"versions": [
{
"status": "affected",
"version": "4.62 64bit"
}
]
}
],
"dateAssigned": "2024-11-20T21:51:50.277Z",
"datePublic": "2024-11-21T20:51:43.224Z",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22169."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:50:08.016Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1594",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1594/"
}
],
"source": {
"lang": "en",
"value": "rgod"
},
"title": "IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11506",
"datePublished": "2024-11-22T20:50:08.016Z",
"dateReserved": "2024-11-20T21:51:50.201Z",
"dateUpdated": "2024-11-22T21:35:45.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11526 (GCVE-0-2024-11526)
Vulnerability from cvelistv5 – Published: 2024-11-22 20:44 – Updated: 2024-11-22 21:45
VLAI
Title
IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Summary
IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24600.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
Date Public
2024-11-21 20:42
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:irfanview:irfanview:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "irfanview",
"vendor": "irfanview",
"versions": [
{
"lessThan": "4.70",
"status": "affected",
"version": "4.67",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T21:19:39.978405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:45:47.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "IrfanView",
"vendor": "IrfanView",
"versions": [
{
"status": "affected",
"version": "4.67.0.0"
}
]
}
],
"dateAssigned": "2024-11-20T21:53:26.146Z",
"datePublic": "2024-11-21T20:42:23.189Z",
"descriptions": [
{
"lang": "en",
"value": "IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24600."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:44:33.267Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1539",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1539/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11526",
"datePublished": "2024-11-22T20:44:33.267Z",
"dateReserved": "2024-11-20T21:53:26.097Z",
"dateUpdated": "2024-11-22T21:45:47.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Phase: Architecture and Design
Strategy: Language Selection
Description:
- Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.