Common Weakness Enumeration

CWE-125

Allowed

Out-of-bounds Read

Abstraction: Base · Status: Draft

The product reads data past the end, or before the beginning, of the intended buffer.

11292 vulnerabilities reference this CWE, most recent first.

CVE-2026-2240 (GCVE-0-2026-2240)

Vulnerability from cvelistv5 – Published: 2026-02-09 15:32 – Updated: 2026-02-23 10:00 X_Open Source
VLAI
Title
janet-lang janet compile.c janetc_pop_funcdef out-of-bounds
Summary
A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5. A patch should be applied to remediate this issue.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
janet-lang janet Affected: 1.40.0
Affected: 1.40.1
Create a notification for this product.
Credits
Oneafter (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2240",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-09T16:06:11.954193Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-09T16:06:52.054Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "janet",
          "vendor": "janet-lang",
          "versions": [
            {
              "status": "affected",
              "version": "1.40.0"
            },
            {
              "status": "affected",
              "version": "1.40.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Oneafter (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5. A patch should be applied to remediate this issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.7,
            "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-Bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-23T10:00:07.480Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-344979 | janet-lang janet compile.c janetc_pop_funcdef out-of-bounds",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.344979"
        },
        {
          "name": "VDB-344979 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.344979"
        },
        {
          "name": "Submit #753155 | janet-lang janet 883dde4 Heap-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.753155"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/janet-lang/janet/issues/1702"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/janet-lang/janet/issues/1702#issuecomment-3790473369"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/oneafter/0123/blob/main/ja4/repro"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/janet-lang/janet/commit/4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/janet-lang/janet/"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-02-09T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-02-09T18:15:47.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "janet-lang janet compile.c janetc_pop_funcdef out-of-bounds"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-2240",
    "datePublished": "2026-02-09T15:32:10.307Z",
    "dateReserved": "2026-02-09T09:38:25.338Z",
    "dateUpdated": "2026-02-23T10:00:07.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1765 (GCVE-0-2026-1765)

Vulnerability from cvelistv5 – Published: 2026-06-16 00:34 – Updated: 2026-06-16 14:59
VLAI
Title
Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and potential information disclosure via crafted mp3 files
Summary
A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners). This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denial of Service (DoS) where the application crashes. It may also potentially expose sensitive information from the system's memory.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://access.redhat.com/security/cve/CVE-2026-1765 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2435981 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Create a notification for this product.
Date Public
2026-02-02 11:11
Credits
Red Hat would like to thank Fatih Çelik for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1765",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T14:58:49.885220Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T14:59:02.597Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "tracker-miners",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "tracker-miners",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "tracker-miners",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Fatih \u00c7elik for reporting this issue."
        }
      ],
      "datePublic": "2026-02-02T11:11:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners). This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denial of Service (DoS) where the application crashes. It may also potentially expose sensitive information from the system\u0027s memory."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T00:34:27.855Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-1765"
        },
        {
          "name": "RHBZ#2435981",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435981"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-02T14:49:38.979Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-02-02T11:11:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and potential information disclosure via crafted mp3 files",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2026-1765",
    "datePublished": "2026-06-16T00:34:27.855Z",
    "dateReserved": "2026-02-02T14:57:06.163Z",
    "dateUpdated": "2026-06-16T14:59:02.597Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1764 (GCVE-0-2026-1764)

Vulnerability from cvelistv5 – Published: 2026-06-16 00:32 – Updated: 2026-06-16 14:56
VLAI
Title
Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leads to denial of service or information disclosure when parsing mp3 files
Summary
A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the `extract_performers_tags` function can lead to a heap buffer overflow. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by triggering a read of unmapped memory. In some cases, it could also lead to information disclosure by reading visible heap data.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://access.redhat.com/security/cve/CVE-2026-1764 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2435980 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Create a notification for this product.
Date Public
2026-02-02 11:11
Credits
Red Hat would like to thank Fatih Çelik for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1764",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T14:56:27.321271Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T14:56:55.109Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "tracker-miners",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "tracker-miners",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "tracker-miners",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Fatih \u00c7elik for reporting this issue."
        }
      ],
      "datePublic": "2026-02-02T11:11:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the `extract_performers_tags` function can lead to a heap buffer overflow. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by triggering a read of unmapped memory. In some cases, it could also lead to information disclosure by reading visible heap data."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T00:32:34.371Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-1764"
        },
        {
          "name": "RHBZ#2435980",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435980"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-02T14:47:22.621Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-02-02T11:11:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leads to denial of service or information disclosure when parsing mp3 files",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2026-1764",
    "datePublished": "2026-06-16T00:32:34.371Z",
    "dateReserved": "2026-02-02T14:56:26.038Z",
    "dateUpdated": "2026-06-16T14:56:55.109Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1334 (GCVE-0-2026-1334)

Vulnerability from cvelistv5 – Published: 2026-02-16 13:36 – Updated: 2026-02-26 14:44
VLAI
Title
Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026
Summary
An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
3DS
Impacted products
Vendor Product Version
Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP5 (custom)
Affected: Release SOLIDWORKS Desktop 2026 SP0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1334",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-18T04:56:23.134147Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T14:44:20.014Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SOLIDWORKS eDrawings",
          "vendor": "Dassault Syst\u00e8mes",
          "versions": [
            {
              "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP5",
              "status": "affected",
              "version": "Release SOLIDWORKS Desktop 2025 SP0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "Release SOLIDWORKS Desktop 2026 SP0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
            }
          ],
          "value": "An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-16T13:36:41.632Z",
        "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "shortName": "3DS"
      },
      "references": [
        {
          "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1334"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
    "assignerShortName": "3DS",
    "cveId": "CVE-2026-1334",
    "datePublished": "2026-02-16T13:36:41.632Z",
    "dateReserved": "2026-01-22T08:10:56.326Z",
    "dateUpdated": "2026-02-26T14:44:20.014Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0956 (GCVE-0-2026-0956)

Vulnerability from cvelistv5 – Published: 2026-03-13 15:11 – Updated: 2026-03-15 01:51
VLAI
Title
Out-Of-Bounds Read in Digilent DASYLab
Summary
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
NI
Impacted products
Vendor Product Version
Digilent DASYLab Affected: 0 , ≤ * (semver)
Create a notification for this product.
Credits
Rocco Calvi (@TecR0c) with TecSecurity Trend Micro Zero Day Initiative
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0956",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-14T03:55:31.831342Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-15T01:51:18.956Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DASYLab",
          "vendor": "Digilent",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rocco Calvi (@TecR0c) with TecSecurity"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Trend Micro Zero Day Initiative"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. \u0026nbsp;This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.\u0026nbsp;\u003c/p\u003e"
            }
          ],
          "value": "There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. \u00a0This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-13T15:11:31.443Z",
        "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "shortName": "NI"
      },
      "references": [
        {
          "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/out-of-bounds-read-vulnerabilities-in-digilent-dasylab.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Out-Of-Bounds Read in Digilent DASYLab",
      "x_generator": {
        "engine": "Vulnogram 1.0.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
    "assignerShortName": "NI",
    "cveId": "CVE-2026-0956",
    "datePublished": "2026-03-13T15:11:31.443Z",
    "dateReserved": "2026-01-14T19:16:24.636Z",
    "dateUpdated": "2026-03-15T01:51:18.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0955 (GCVE-0-2026-0955)

Vulnerability from cvelistv5 – Published: 2026-03-13 15:07 – Updated: 2026-03-15 01:51
VLAI
Title
Out-Of-Bounds Read When Opening a Corrupt File in Digilent DASYLab
Summary
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
NI
Impacted products
Vendor Product Version
Digilent DASYLab Affected: 0 , ≤ * (semver)
Create a notification for this product.
Credits
Rocco Calvi (@TecR0c) with TecSecurity Trend Micro Zero Day Initiative
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0955",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-14T03:55:31.114646Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-15T01:51:19.093Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DASYLab",
          "vendor": "Digilent",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rocco Calvi (@TecR0c) with TecSecurity"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Trend Micro Zero Day Initiative"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. \u0026nbsp;This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.\u003c/p\u003e"
            }
          ],
          "value": "There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. \u00a0This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-13T15:12:05.756Z",
        "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "shortName": "NI"
      },
      "references": [
        {
          "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/out-of-bounds-read-vulnerabilities-in-digilent-dasylab.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Out-Of-Bounds Read When Opening a Corrupt File in Digilent DASYLab",
      "x_generator": {
        "engine": "Vulnogram 1.0.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
    "assignerShortName": "NI",
    "cveId": "CVE-2026-0955",
    "datePublished": "2026-03-13T15:07:36.285Z",
    "dateReserved": "2026-01-14T19:16:23.783Z",
    "dateUpdated": "2026-03-15T01:51:19.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0708 (GCVE-0-2026-0708)

Vulnerability from cvelistv5 – Published: 2026-03-17 02:28 – Updated: 2026-03-17 13:26
VLAI
Title
Libucl: libucl: denial of service via embedded null byte in ucl input
Summary
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the `ucl_object_emit` function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
libucl libucl Affected: 3e7f023e184e06f30fb5792dacd9dd0f8b692f1b (git)
Create a notification for this product.
Date Public
2025-05-15 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0708",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-17T13:26:43.148913Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-17T13:26:47.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/vstakhov/libucl/issues/323"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/vstakhov/libucl",
          "defaultStatus": "unknown",
          "packageName": "libucl",
          "product": "libucl",
          "vendor": "libucl",
          "versions": [
            {
              "status": "affected",
              "version": "3e7f023e184e06f30fb5792dacd9dd0f8b692f1b",
              "versionType": "git"
            }
          ]
        }
      ],
      "datePublic": "2025-05-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the `ucl_object_emit` function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-17T11:38:51.414Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-0708"
        },
        {
          "name": "RHBZ#2427770",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427770"
        },
        {
          "url": "https://github.com/vstakhov/libucl/issues/323"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-01-08T03:30:46.275Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-05-15T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Libucl: libucl: denial of service via embedded null byte in ucl input",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue, applications utilizing `libucl` should avoid processing untrusted input that contains keys with embedded null bytes, especially when operating in `UCL_PARSER_ZEROCOPY` mode. Restricting input to trusted sources can reduce exposure."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2026-0708",
    "datePublished": "2026-03-17T02:28:08.429Z",
    "dateReserved": "2026-01-08T03:31:35.226Z",
    "dateUpdated": "2026-03-17T13:26:47.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0402 (GCVE-0-2026-0402)

Vulnerability from cvelistv5 – Published: 2026-02-24 14:58 – Updated: 2026-02-24 15:33
VLAI
Summary
A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
SonicWall SonicOS Affected: 7.0.1-5169 and older versions
Affected: 7.3.1-7013 and older versions
Affected: 8.1.0-8017 and older versions
Create a notification for this product.
Date Public
2026-02-24 13:46
Credits
Vang3lis of VARAS@IIE N3vv of Red-Shield Security Lab
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 4.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0402",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-24T15:33:47.902153Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-24T15:33:50.674Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Linux",
            "Gen7",
            "Gen8"
          ],
          "product": "SonicOS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.1-5169 and older versions"
            },
            {
              "status": "affected",
              "version": "7.3.1-7013 and older versions"
            },
            {
              "status": "affected",
              "version": "8.1.0-8017 and older versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Vang3lis of VARAS@IIE"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "N3vv of Red-Shield Security Lab"
        }
      ],
      "datePublic": "2026-02-24T13:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-24T14:58:37.608Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0001"
        }
      ],
      "source": {
        "advisory": "SNWLID-2026-0001",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2026-0402",
    "datePublished": "2026-02-24T14:58:37.608Z",
    "dateReserved": "2025-12-02T06:28:47.831Z",
    "dateUpdated": "2026-02-24T15:33:50.674Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-71264 (GCVE-0-2025-71264)

Vulnerability from cvelistv5 – Published: 2026-03-16 06:13 – Updated: 2026-03-16 14:40
VLAI
Summary
Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Mumble Mumble Affected: 0 , < 1.6.870 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-71264",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-16T13:44:30.386354Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-16T14:40:37.627Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mumble",
          "vendor": "Mumble",
          "versions": [
            {
              "lessThan": "1.6.870",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-16T06:21:34.829Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/mumble-voip/mumble/commit/ff2a2332cccb267721553f09c0ded4de880622e0"
        },
        {
          "url": "https://github.com/mumble-voip/mumble/pull/7032"
        },
        {
          "url": "https://bugs.debian.org/1129178"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-71264",
    "datePublished": "2026-03-16T06:13:51.207Z",
    "dateReserved": "2026-03-16T06:13:50.762Z",
    "dateUpdated": "2026-03-16T14:40:37.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-68431 (GCVE-0-2025-68431)

Vulnerability from cvelistv5 – Published: 2025-12-29 19:09 – Updated: 2025-12-30 22:26
VLAI
Title
libheif has Potential Heap Buffer Over-Read
Summary
libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets), which then underflows when converted to `size_t` and is passed to `memcpy`, causing a very large read past the end of the source plane and a crash. Version 1.21.0 contains a patch. As a workaround, avoid decoding images using `iovl` overlay boxes.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-125 - Out-of-bounds Read
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
strukturag libheif Affected: < 1.21.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-68431",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-30T21:54:12.455580Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-30T22:26:20.374Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libheif",
          "vendor": "strukturag",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.21.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets), which then underflows when converted to `size_t` and is passed to `memcpy`, causing a very large read past the end of the source plane and a crash. Version 1.21.0 contains a patch. As a workaround, avoid decoding images using `iovl` overlay boxes."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-29T19:09:54.628Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/strukturag/libheif/security/advisories/GHSA-j87x-4gmq-cqfq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/strukturag/libheif/security/advisories/GHSA-j87x-4gmq-cqfq"
        },
        {
          "name": "https://github.com/strukturag/libheif/commit/b8c12a7b70f46c9516711a988483bed377b78d46",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/strukturag/libheif/commit/b8c12a7b70f46c9516711a988483bed377b78d46"
        },
        {
          "name": "https://github.com/strukturag/libheif/releases/tag/v1.21.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/strukturag/libheif/releases/tag/v1.21.0"
        }
      ],
      "source": {
        "advisory": "GHSA-j87x-4gmq-cqfq",
        "discovery": "UNKNOWN"
      },
      "title": "libheif has Potential Heap Buffer Over-Read"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-68431",
    "datePublished": "2025-12-29T19:09:54.628Z",
    "dateReserved": "2025-12-17T15:29:39.380Z",
    "dateUpdated": "2025-12-30T22:26:20.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Architecture and Design

Strategy: Language Selection

Use a language that provides appropriate memory abstractions.

CAPEC-540: Overread Buffers

An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.