CWE-416
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CVE-2025-8176 (GCVE-0-2025-8176)
Vulnerability from cvelistv5 – Published: 2025-07-26 03:32 – Updated: 2025-07-28 14:28
VLAI
Title
LibTIFF tiffmedian.c get_histogram use after free
Summary
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317590 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.317590 | signaturepermissions-required |
| https://vuldb.com/?submit.621796 | third-party-advisory |
| https://gitlab.com/libtiff/libtiff/-/issues/707 | exploitissue-tracking |
| https://gitlab.com/libtiff/libtiff/-/merge_requests/727 | patch |
| https://gitlab.com/libtiff/libtiff/-/commit/fe108… | patch |
| http://www.libtiff.org/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8176",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T14:28:44.553762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T14:28:58.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LibTIFF",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.3"
},
{
"status": "affected",
"version": "4.4"
},
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.6"
},
{
"status": "affected",
"version": "4.7.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "arthurx (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In LibTIFF bis 4.7.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Es geht um die Funktion get_histogram der Datei tools/tiffmedian.c. Durch das Beeinflussen mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als fe10872e53efba9cc36c66ac4ab3b41a839d5172 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-26T03:32:08.851Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317590 | LibTIFF tiffmedian.c get_histogram use after free",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317590"
},
{
"name": "VDB-317590 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317590"
},
{
"name": "Submit #621796 | LibTIFF v4.7.0 Use After Free",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.621796"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitlab.com/libtiff/libtiff/-/issues/707"
},
{
"tags": [
"patch"
],
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727"
},
{
"tags": [
"patch"
],
"url": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172"
},
{
"tags": [
"product"
],
"url": "http://www.libtiff.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-25T10:16:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "LibTIFF tiffmedian.c get_histogram use after free"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8176",
"datePublished": "2025-07-26T03:32:08.851Z",
"dateReserved": "2025-07-25T08:11:17.633Z",
"dateUpdated": "2025-07-28T14:28:58.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8410 (GCVE-0-2025-8410)
Vulnerability from cvelistv5 – Published: 2025-09-23 17:52 – Updated: 2025-12-16 16:14
VLAI
Title
Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.
Summary
Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RTI | Connext Professional |
Affected:
7.5.0 , < 7.6.0
(custom)
|
Date Public
2025-09-16 07:52
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T18:29:15.954365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T18:36:51.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Security Plugins"
],
"packageName": "connext_professional",
"packageURL": "pkg:generic/connext_professional",
"product": "Connext Professional",
"vendor": "RTI",
"versions": [
{
"lessThan": "7.6.0",
"status": "affected",
"version": "7.5.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.6.0",
"versionStartIncluding": "7.5.0",
"vulnerable": true
}
],
"negated": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-09-16T07:52:42.037Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.\u003cp\u003eThis issue affects Connext Professional: from 7.5.0 before 7.6.0.\u003c/p\u003e"
}
],
"value": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Security Extensions Enabled"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:14:58.480Z",
"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"shortName": "RTI"
},
"references": [
{
"url": "https://www.rti.com/vulnerabilities/#cve-2025-8410"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.",
"x_generator": {
"engine": "RTI Lubna 1.14.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
"assignerShortName": "RTI",
"cveId": "CVE-2025-8410",
"datePublished": "2025-09-23T17:52:26.769Z",
"dateReserved": "2025-07-31T08:26:06.499Z",
"dateUpdated": "2025-12-16T16:14:58.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8837 (GCVE-0-2025-8837)
Vulnerability from cvelistv5 – Published: 2025-08-11 08:02 – Updated: 2025-08-11 19:56
VLAI
Title
JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free
Summary
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.319371 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.319371 | signaturepermissions-required |
| https://vuldb.com/?submit.630487 | third-party-advisory |
| https://vuldb.com/?submit.630488 | third-party-advisory |
| https://github.com/jasper-software/jasper/issues/402 | issue-tracking |
| https://drive.google.com/file/d/17Ic_DDOlH7mMT7Ib… | exploit |
| https://github.com/jasper-software/jasper/commit/… | patch |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8837",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T19:56:26.199027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T19:56:29.410Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/jasper-software/jasper/issues/402"
},
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.630488"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"JPEG2000 File Handler"
],
"product": "JasPer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.2.3"
},
{
"status": "affected",
"version": "4.2.4"
},
{
"status": "affected",
"version": "4.2.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "rootsec (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Hiervon betroffen ist die Funktion jpc_dec_dump der Datei src/libjasper/jpc/jpc_dec.c der Komponente JPEG2000 File Handler. Durch Manipulieren mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 8308060d3fbc1da10353ac8a95c8ea60eba9c25a bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T08:02:07.784Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319371 | JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319371"
},
{
"name": "VDB-319371 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319371"
},
{
"name": "Submit #630487 | jasper imginfo JasPer Version**: 4.2.5 and the newest master Use-after-free",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.630487"
},
{
"name": "Submit #630488 | jasper imginfo JasPer Version**: 4.2.5 and the newest master Use-after-free (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.630488"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/jasper-software/jasper/issues/402"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/17Ic_DDOlH7mMT7IbTN2Bmo6SrujIUh24/view?usp=sharing"
},
{
"tags": [
"patch"
],
"url": "https://github.com/jasper-software/jasper/commit/8308060d3fbc1da10353ac8a95c8ea60eba9c25a"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T13:20:01.000Z",
"value": "VulDB entry last update"
}
],
"title": "JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8837",
"datePublished": "2025-08-11T08:02:07.784Z",
"dateReserved": "2025-08-10T11:14:54.230Z",
"dateUpdated": "2025-08-11T19:56:29.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8842 (GCVE-0-2025-8842)
Vulnerability from cvelistv5 – Published: 2025-08-11 10:32 – Updated: 2025-08-11 12:34
VLAI
Title
NASM Netwide Assember preproc.c do_directive use after free
Summary
A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.319376 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.319376 | signaturepermissions-required |
| https://vuldb.com/?submit.623184 | third-party-advisory |
| https://bugzilla.nasm.us/show_bug.cgi?id=3392933 | issue-tracking |
| https://drive.google.com/file/d/11vEV1vMHXO4BrDGh… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NASM | Netwide Assember |
Affected:
2.17rc0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8842",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T12:34:30.315514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T12:34:33.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392933"
},
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.623184"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Netwide Assember",
"vendor": "NASM",
"versions": [
{
"status": "affected",
"version": "2.17rc0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xdcao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es geht hierbei um die Funktion do_directive der Datei preproc.c. Mit der Manipulation mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T10:32:09.151Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319376 | NASM Netwide Assember preproc.c do_directive use after free",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319376"
},
{
"name": "VDB-319376 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319376"
},
{
"name": "Submit #623184 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623184"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392933"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/11vEV1vMHXO4BrDGhvWAMm0Qo1woiUwVV/view?usp=drive_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T18:01:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "NASM Netwide Assember preproc.c do_directive use after free"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8842",
"datePublished": "2025-08-11T10:32:09.151Z",
"dateReserved": "2025-08-10T15:42:36.258Z",
"dateUpdated": "2025-08-11T12:34:33.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9020 (GCVE-0-2025-9020)
Vulnerability from cvelistv5 – Published: 2025-08-15 07:32 – Updated: 2025-08-15 16:34
VLAI
Title
PX4 PX4-Autopilot Mavlink Shell Closing mavlink_receiver.cpp handle_message_serial_control use after free
Summary
A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4. This issue affects the function MavlinkReceiver::handle_message_serial_control of the file src/modules/mavlink/mavlink_receiver.cpp of the component Mavlink Shell Closing Handler. The manipulation of the argument _mavlink_shell leads to use after free. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is 4395d4f00c49b888f030f5b43e2a779f1fa78708. It is recommended to apply a patch to fix this issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.320081 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.320081 | signaturepermissions-required |
| https://vuldb.com/?submit.624722 | third-party-advisory |
| https://github.com/PX4/PX4-Autopilot/issues/25046 | issue-tracking |
| https://github.com/PX4/PX4-Autopilot/pull/25082 | issue-tracking |
| https://github.com/PX4/PX4-Autopilot/pull/25082/c… | issue-trackingpatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PX4 | PX4-Autopilot |
Affected:
1.15.0
Affected: 1.15.1 Affected: 1.15.2 Affected: 1.15.3 Affected: 1.15.4 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T16:33:57.490799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T16:34:05.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Mavlink Shell Closing Handler"
],
"product": "PX4-Autopilot",
"vendor": "PX4",
"versions": [
{
"status": "affected",
"version": "1.15.0"
},
{
"status": "affected",
"version": "1.15.1"
},
{
"status": "affected",
"version": "1.15.2"
},
{
"status": "affected",
"version": "1.15.3"
},
{
"status": "affected",
"version": "1.15.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "0x20z (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4. This issue affects the function MavlinkReceiver::handle_message_serial_control of the file src/modules/mavlink/mavlink_receiver.cpp of the component Mavlink Shell Closing Handler. The manipulation of the argument _mavlink_shell leads to use after free. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is 4395d4f00c49b888f030f5b43e2a779f1fa78708. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es geht hierbei um die Funktion MavlinkReceiver::handle_message_serial_control der Datei src/modules/mavlink/mavlink_receiver.cpp der Komponente Mavlink Shell Closing Handler. Durch die Manipulation des Arguments _mavlink_shell mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Patch wird als 4395d4f00c49b888f030f5b43e2a779f1fa78708 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.5,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T07:32:07.425Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320081 | PX4 PX4-Autopilot Mavlink Shell Closing mavlink_receiver.cpp handle_message_serial_control use after free",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320081"
},
{
"name": "VDB-320081 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320081"
},
{
"name": "Submit #624722 | PX4 PX4-Autopilot main and v1.15.4 Race Condition in File Access",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.624722"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/PX4/PX4-Autopilot/issues/25046"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/PX4/PX4-Autopilot/pull/25082"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/PX4/PX4-Autopilot/pull/25082/commits/4395d4f00c49b888f030f5b43e2a779f1fa78708"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-14T08:06:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "PX4 PX4-Autopilot Mavlink Shell Closing mavlink_receiver.cpp handle_message_serial_control use after free"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9020",
"datePublished": "2025-08-15T07:32:07.425Z",
"dateReserved": "2025-08-14T06:00:30.227Z",
"dateUpdated": "2025-08-15T16:34:05.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9157 (GCVE-0-2025-9157)
Vulnerability from cvelistv5 – Published: 2025-08-19 20:02 – Updated: 2025-08-19 20:32
VLAI
Title
appneta tcpreplay tcprewrite edit_packet.c untrunc_packet use after free
Summary
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.320537 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.320537 | signaturepermissions-required |
| https://vuldb.com/?submit.630495 | third-party-advisory |
| https://github.com/appneta/tcpreplay/issues/970 | issue-tracking |
| https://github.com/appneta/tcpreplay/issues/970#i… | issue-tracking |
| https://drive.google.com/file/d/1_aONM_TOF96JbnYv… | exploit |
| https://github.com/appneta/tcpreplay/commit/73008… | patch |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9157",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-19T20:32:34.213995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T20:32:45.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"tcprewrite"
],
"product": "tcpreplay",
"vendor": "appneta",
"versions": [
{
"status": "affected",
"version": "4.5.2-beta1"
},
{
"status": "affected",
"version": "4.5.2-beta2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "HeureuxBuilding (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in appneta tcpreplay bis 4.5.2-beta2 entdeckt. Es geht hierbei um die Funktion untrunc_packet der Datei src/tcpedit/edit_packet.c der Komponente tcprewrite. Durch das Manipulieren mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden. Der Patch tr\u00e4gt den Namen 73008f261f1cdf7a1087dc8759115242696d35da. Es wird geraten, einen Patch zu installieren, um dieses Problem zu l\u00f6sen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T20:02:08.552Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320537 | appneta tcpreplay tcprewrite edit_packet.c untrunc_packet use after free",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320537"
},
{
"name": "VDB-320537 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320537"
},
{
"name": "Submit #630495 | tcpreplay tcprewrite tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Use-After-Free",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.630495"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/appneta/tcpreplay/issues/970"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/appneta/tcpreplay/issues/970#issuecomment-3198966053"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1_aONM_TOF96JbnYviPyZhVk-7HObtX8H/view?usp=sharing"
},
{
"tags": [
"patch"
],
"url": "https://github.com/appneta/tcpreplay/commit/73008f261f1cdf7a1087dc8759115242696d35da"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-19T11:31:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "appneta tcpreplay tcprewrite edit_packet.c untrunc_packet use after free"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9157",
"datePublished": "2025-08-19T20:02:08.552Z",
"dateReserved": "2025-08-19T09:26:39.372Z",
"dateUpdated": "2025-08-19T20:32:45.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9385 (GCVE-0-2025-9385)
Vulnerability from cvelistv5 – Published: 2025-08-24 10:32 – Updated: 2025-08-25 20:25
VLAI
Title
appneta tcpreplay tcprewrite edit_packet.c fix_ipv6_checksums use after free
Summary
A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to local execution. The exploit has been published and may be used. Upgrading to version 4.5.2-beta3 is sufficient to fix this issue. It is advisable to upgrade the affected component.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.321218 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.321218 | signaturepermissions-required |
| https://vuldb.com/?submit.630497 | third-party-advisory |
| https://github.com/appneta/tcpreplay/issues/972 | issue-tracking |
| https://github.com/appneta/tcpreplay/issues/972#i… | issue-tracking |
| https://drive.google.com/file/d/1BQZF558bRHv07wtl… | exploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T20:25:28.234106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T20:25:47.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"tcprewrite"
],
"product": "tcpreplay",
"vendor": "appneta",
"versions": [
{
"status": "affected",
"version": "4.5.0"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "unaffected",
"version": "4.5.2-beta3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "HeureuxBuilding (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to local execution. The exploit has been published and may be used. Upgrading to version 4.5.2-beta3 is sufficient to fix this issue. It is advisable to upgrade the affected component."
},
{
"lang": "de",
"value": "In appneta tcpreplay bis 4.5.1 wurde eine Schwachstelle gefunden. Betroffen davon ist die Funktion fix_ipv6_checksums der Datei edit_packet.c der Komponente tcprewrite. Mit der Manipulation mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Das Problem kann durch ein Upgrade auf Version 4.5.2-beta3 adressiert werden. Ein Upgrade der betroffenen Komponente wird empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T10:32:06.713Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321218 | appneta tcpreplay tcprewrite edit_packet.c fix_ipv6_checksums use after free",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321218"
},
{
"name": "VDB-321218 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321218"
},
{
"name": "Submit #630497 | tcpreplay tcprewrite tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Use-After-Free",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.630497"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/appneta/tcpreplay/issues/972"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/appneta/tcpreplay/issues/972#issuecomment-3199019278"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1BQZF558bRHv07wtlCoZgtqTlEpHgfytp/view?usp=sharing"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-23T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-23T17:12:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "appneta tcpreplay tcprewrite edit_packet.c fix_ipv6_checksums use after free"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9385",
"datePublished": "2025-08-24T10:32:06.713Z",
"dateReserved": "2025-08-23T15:07:12.250Z",
"dateUpdated": "2025-08-25T20:25:47.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9386 (GCVE-0-2025-9386)
Vulnerability from cvelistv5 – Published: 2025-08-24 11:02 – Updated: 2025-08-25 20:26
VLAI
Title
appneta tcpreplay tcprewrite get.c get_l2len_protocol use after free
Summary
A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.321219 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.321219 | signaturepermissions-required |
| https://vuldb.com/?submit.630498 | third-party-advisory |
| https://github.com/appneta/tcpreplay/issues/973 | issue-tracking |
| https://drive.google.com/file/d/1DcQWaTmj1HSbRidO… | exploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9386",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T20:26:18.668059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T20:26:30.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"tcprewrite"
],
"product": "tcpreplay",
"vendor": "appneta",
"versions": [
{
"status": "affected",
"version": "4.5.0"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "unaffected",
"version": "4.5.2-beta3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "HeureuxBuilding (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component."
},
{
"lang": "de",
"value": "In appneta tcpreplay bis 4.5.1 ist eine Schwachstelle entdeckt worden. Betroffen hiervon ist die Funktion get_l2len_protocol der Datei get.c der Komponente tcprewrite. Durch die Manipulation mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden. Durch ein Upgrade auf Version 4.5.2-beta3 kann dieses Problem behoben werden. Die Aktualisierung der betroffenen Komponente wird empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:02:07.459Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321219 | appneta tcpreplay tcprewrite get.c get_l2len_protocol use after free",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321219"
},
{
"name": "VDB-321219 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321219"
},
{
"name": "Submit #630498 | tcpreplay tcprewrite tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Use-After-Free",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.630498"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/appneta/tcpreplay/issues/973"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1DcQWaTmj1HSbRidOCWwe9vtgHsBnFuX7/view?usp=sharing"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-23T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-23T17:14:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "appneta tcpreplay tcprewrite get.c get_l2len_protocol use after free"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9386",
"datePublished": "2025-08-24T11:02:07.459Z",
"dateReserved": "2025-08-23T15:09:37.515Z",
"dateUpdated": "2025-08-25T20:26:30.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9394 (GCVE-0-2025-9394)
Vulnerability from cvelistv5 – Published: 2025-08-24 16:02 – Updated: 2025-08-25 16:50
VLAI
Title
PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free
Summary
A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been published and may be used. This patch is called 22d16cb142f293bf956f66a4d399cdd65576d36c. A patch should be applied to remediate this issue.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.321227 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.321227 | signaturepermissions-required |
| https://vuldb.com/?submit.632364 | third-party-advisory |
| https://vuldb.com/?submit.632365 | third-party-advisory |
| https://github.com/podofo/podofo/issues/275 | issue-tracking |
| https://drive.google.com/file/d/1edJH17GAiK9R441G… | exploit |
| https://github.com/podofo/podofo/commit/22d16cb14… | patch |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9394",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T16:50:46.937446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T16:50:51.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/podofo/podofo/issues/275"
},
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.632365"
},
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.632364"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"PDF Dictionary Parser"
],
"product": "PoDoFo",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.1.0-dev"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xdcao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been published and may be used. This patch is called 22d16cb142f293bf956f66a4d399cdd65576d36c. A patch should be applied to remediate this issue."
},
{
"lang": "de",
"value": "In PoDoFo 1.1.0-dev ist eine Schwachstelle entdeckt worden. Betroffen davon ist die Funktion PdfTokenizer::DetermineDataType der Datei src/podofo/main/PdfTokenizer.cpp der Komponente PDF Dictionary Parser. Die Manipulation f\u00fchrt zu use after free. Der Angriff muss lokal passieren. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden. Der Patch tr\u00e4gt den Namen 22d16cb142f293bf956f66a4d399cdd65576d36c. Es wird geraten, einen Patch zu installieren, um dieses Problem zu l\u00f6sen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T16:02:07.701Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321227 | PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321227"
},
{
"name": "VDB-321227 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321227"
},
{
"name": "Submit #632364 | podofo podofoencrypt PoDoFo version 1.1.0-dev (commit 053cf47) compiled on Jul 30 2025 and the newest master version. Heap Use-After-Free",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.632364"
},
{
"name": "Submit #632365 | podofo podofoencrypt PoDoFo version 1.1.0-dev (commit 053cf47) compiled on Jul 30 2025 and the newest master version. Heap Use-After-Free (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.632365"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/podofo/podofo/issues/275"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1edJH17GAiK9R441Gjyj8tiV_2ptoL16U/view?usp=sharing"
},
{
"tags": [
"patch"
],
"url": "https://github.com/podofo/podofo/commit/22d16cb142f293bf956f66a4d399cdd65576d36c"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-23T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-24T17:07:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9394",
"datePublished": "2025-08-24T16:02:07.701Z",
"dateReserved": "2025-08-23T15:43:19.998Z",
"dateUpdated": "2025-08-25T16:50:51.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9449 (GCVE-0-2025-9449)
Vulnerability from cvelistv5 – Published: 2025-09-17 06:13 – Updated: 2025-09-17 12:50
VLAI
Title
Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
Summary
A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | SOLIDWORKS eDrawings |
Affected:
Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9449",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T12:50:22.306988Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T12:50:33.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SOLIDWORKS eDrawings",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP3",
"status": "affected",
"version": "Release SOLIDWORKS Desktop 2025 SP0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file."
}
],
"value": "A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T06:13:08.090Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9449"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2025-9449",
"datePublished": "2025-09-17T06:13:08.090Z",
"dateReserved": "2025-08-25T14:10:43.713Z",
"dateUpdated": "2025-09-17T12:50:33.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Strategy: Language Selection
Description:
- Choose a language that provides automatic memory management.
Mitigation
Phase: Implementation
Strategy: Attack Surface Reduction
Description:
- When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.