Common Weakness Enumeration

CWE-190

Allowed

Integer Overflow or Wraparound

Abstraction: Base · Status: Stable

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

3867 vulnerabilities reference this CWE, most recent first.

CVE-2025-46333 (GCVE-0-2025-46333)

Vulnerability from cvelistv5 – Published: 2025-04-25 20:20 – Updated: 2025-04-28 14:17
VLAI
Title
z2d OOB composition could lead to invalid memory access and corruption
Summary
z2d is a pure Zig 2D graphics library. Versions of z2d after `0.5.1` and up to and including `0.6.0`, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, and higher-level operations when the anti-aliasing mode is set to `.default` (such as `Context.fill`, `Context.stroke`, `painter.fill`, and `painter.stroke`), the source surface can be completely out-of-bounds on the x-axis, but not on the y-axis, by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption. This issue is patched in version `0.6.1`. Users on an untagged version after `v0.5.1` and before `v0.6.1` are advised to update to address the vulnerability. Those still on Zig `0.13.0` are recommended to downgrade to `v0.5.1`.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-122 - Heap-based Buffer Overflow
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
vancluever z2d Affected: > 0.5.1, <= 0.6.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46333",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-25T21:36:42.840839Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-25T21:42:11.412Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "z2d",
          "vendor": "vancluever",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e 0.5.1, \u003c= 0.6.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "z2d is a pure Zig 2D graphics library. Versions of z2d after `0.5.1` and up to and including `0.6.0`, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, and higher-level operations when the anti-aliasing mode is set to `.default` (such as `Context.fill`, `Context.stroke`, `painter.fill`, and `painter.stroke`), the source surface can be completely out-of-bounds on the x-axis, but not on the y-axis, by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption.\n\nThis issue is patched in version `0.6.1`. Users on an untagged version after `v0.5.1` and before `v0.6.1` are advised to update to address the vulnerability. Those still on Zig `0.13.0` are recommended to downgrade to `v0.5.1`."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-28T14:17:45.653Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vancluever/z2d/security/advisories/GHSA-mm4c-p35v-7hx3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vancluever/z2d/security/advisories/GHSA-mm4c-p35v-7hx3"
        },
        {
          "name": "https://github.com/vancluever/z2d/issues/104",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vancluever/z2d/issues/104"
        },
        {
          "name": "https://github.com/vancluever/z2d/issues/105",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vancluever/z2d/issues/105"
        }
      ],
      "source": {
        "advisory": "GHSA-mm4c-p35v-7hx3",
        "discovery": "UNKNOWN"
      },
      "title": "z2d OOB composition could lead to invalid memory access and corruption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-46333",
    "datePublished": "2025-04-25T20:20:22.202Z",
    "dateReserved": "2025-04-22T22:41:54.911Z",
    "dateUpdated": "2025-04-28T14:17:45.653Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-43556 (GCVE-0-2025-43556)

Vulnerability from cvelistv5 – Published: 2025-05-13 17:39 – Updated: 2025-05-13 18:10
VLAI
Title
Animate | Integer Overflow or Wraparound (CWE-190)
Summary
Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound (CWE-190)
Assigner
References
Impacted products
Vendor Product Version
Adobe Animate Affected: 0 , ≤ 23.0.11 (semver)
Create a notification for this product.
Date Public
2025-05-13 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-43556",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-13T18:09:40.838054Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T18:10:08.723Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Animate",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "23.0.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow or Wraparound (CWE-190)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T17:39:50.252Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/animate/apsb25-42.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Animate | Integer Overflow or Wraparound (CWE-190)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-43556",
    "datePublished": "2025-05-13T17:39:50.252Z",
    "dateReserved": "2025-04-16T16:23:13.179Z",
    "dateUpdated": "2025-05-13T18:10:08.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-43547 (GCVE-0-2025-43547)

Vulnerability from cvelistv5 – Published: 2025-05-13 17:53 – Updated: 2025-05-13 18:29
VLAI
Title
Bridge | Integer Overflow or Wraparound (CWE-190)
Summary
Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound (CWE-190)
Assigner
References
Impacted products
Vendor Product Version
Adobe Bridge Affected: 0 , ≤ 14.1.6 (semver)
Create a notification for this product.
Date Public
2025-05-13 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-43547",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-13T18:18:39.532852Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T18:29:46.737Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Bridge",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "14.1.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow or Wraparound (CWE-190)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T17:53:00.392Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/bridge/apsb25-44.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Bridge | Integer Overflow or Wraparound (CWE-190)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-43547",
    "datePublished": "2025-05-13T17:53:00.392Z",
    "dateReserved": "2025-04-16T16:23:13.178Z",
    "dateUpdated": "2025-05-13T18:29:46.737Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-41726 (GCVE-0-2025-41726)

Vulnerability from cvelistv5 – Published: 2026-01-27 11:35 – Updated: 2026-01-27 14:08
VLAI
Title
Beckhoff: Arbitrary code execution within privileged processes
Summary
A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
References
Credits
Diego Giubertoni from Nozomi Networks
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41726",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-27T14:02:23.024430Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-27T14:08:37.385Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Beckhoff.Device.Manager.XAR",
          "vendor": "Beckhoff Automation",
          "versions": [
            {
              "lessThan": "2.5.3",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MDP software package for TwinCAT/BSD",
          "vendor": "Beckhoff Automation",
          "versions": [
            {
              "lessThan": "1.7.0.0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MDP for Beckhoff RT Linux(R)",
          "vendor": "Beckhoff Automation",
          "versions": [
            {
              "lessThan": "0.0.5",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Diego Giubertoni from Nozomi Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.\u003cbr\u003e"
            }
          ],
          "value": "A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-27T11:35:37.391Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/de/advisories/VDE-2025-092"
        }
      ],
      "source": {
        "advisory": "VDE-2025-092",
        "defect": [
          "CERT@VDE#641867"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Beckhoff: Arbitrary code execution within privileged processes",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2025-41726",
    "datePublished": "2026-01-27T11:35:37.391Z",
    "dateReserved": "2025-04-16T11:17:48.318Z",
    "dateUpdated": "2026-01-27T14:08:37.385Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-40907 (GCVE-0-2025-40907)

Vulnerability from cvelistv5 – Published: 2025-05-16 13:03 – Updated: 2025-09-05 13:23
VLAI
Title
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library
Summary
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1395 - Dependency on Vulnerable Third-Party Component
  • CWE-190 - Integer Overflow or Wraparound
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
ETHER FCGI Affected: 0.44 , ≤ 0.82 (custom)
Create a notification for this product.
Credits
Synacktiv
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-40907",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-16T15:07:46.084885Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-16T15:09:00.138Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://cpan.org/modules",
          "defaultStatus": "unaffected",
          "packageName": "FCGI",
          "product": "FCGI",
          "programFiles": [
            "libfcgi/fcgiapp.c"
          ],
          "programRoutines": [
            {
              "name": "ReadParams()"
            }
          ],
          "repo": "https://github.com/FastCGI-Archives/fcgi2",
          "vendor": "ETHER",
          "versions": [
            {
              "lessThanOrEqual": "0.82",
              "status": "affected",
              "version": "0.44",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Synacktiv"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.\u003cbr\u003e\u003cbr\u003eThe included FastCGI library is affected by  CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.\u003cbr\u003e"
            }
          ],
          "value": "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.\n\nThe included FastCGI library is affected by  CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A proof of concept exploit for the underlying library exists at\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library#exploitation\"\u003ehttps://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library#exploitation\u003c/a\u003e"
            }
          ],
          "value": "A proof of concept exploit for the underlying library exists at\u00a0 https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library#exploitation"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1395",
              "description": "CWE-1395: Dependency on Vulnerable Third-Party Component",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-05T13:23:05.630Z",
        "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "shortName": "CPANSec"
      },
      "references": [
        {
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2025/04/23/4"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/FastCGI-Archives/fcgi2/issues/67"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/perl-catalyst/FCGI/issues/14"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://patch-diff.githubusercontent.com/raw/FastCGI-Archives/fcgi2/pull/74.patch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Updating to version 2.4.5 of the included fcgi2 library and rebuilding the Perl module will protect against the vulnerability.\u003cbr\u003e\u003cbr\u003eWe also recommend limiting potential remote access to the FastCGI socket by declaring it as a UNIX socket.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Updating to version 2.4.5 of the included fcgi2 library and rebuilding the Perl module will protect against the vulnerability.\n\nWe also recommend limiting potential remote access to the FastCGI socket by declaring it as a UNIX socket."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    "assignerShortName": "CPANSec",
    "cveId": "CVE-2025-40907",
    "datePublished": "2025-05-16T13:03:02.774Z",
    "dateReserved": "2025-04-16T09:05:34.360Z",
    "dateUpdated": "2025-09-05T13:23:05.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-40906 (GCVE-0-2025-40906)

Vulnerability from cvelistv5 – Published: 2025-05-16 15:15 – Updated: 2025-09-09 13:54
VLAI
Title
BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities
Summary
BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1395 - Dependency on Vulnerable Third-Party Component
  • CWE-1104 - Use of Unmaintained Third Party Components
  • CWE-122 - Heap-based Buffer Overflow
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
MONGODB BSON::XS Affected: 0 , ≤ 0.8.4 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-40906",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-17T02:38:23.781160Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-09T13:54:31.287Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://cpan.org/modules",
          "defaultStatus": "unaffected",
          "packageName": "BSON-XS",
          "product": "BSON::XS",
          "repo": "https://github.com/mongodb-labs/mongo-perl-bson-xs",
          "vendor": "MONGODB",
          "versions": [
            {
              "lessThanOrEqual": "0.8.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities.\u003cbr\u003e\u003cbr\u003eThose include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. \u003cbr\u003e\u003cbr\u003eBSON-XS was the official Perl XS implementation of MongoDB\u0027s BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.\u003cbr\u003e"
            }
          ],
          "value": "BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities.\n\nThose include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. \n\nBSON-XS was the official Perl XS implementation of MongoDB\u0027s BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1395",
              "description": "CWE-1395 Dependency on Vulnerable Third-Party Component",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1104",
              "description": "CWE-1104 Use of Unmaintained Third Party Components",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-05T13:22:22.125Z",
        "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "shortName": "CPANSec"
      },
      "references": [
        {
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mongodb.com/community/forums/t/mongodb-perl-driver-end-of-life/7890"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Manually remove the bundled version of libbson, update the \"bson\" folder with an up-to-date version of libbson\u0027s source code and try building against it."
            }
          ],
          "value": "Manually remove the bundled version of libbson, update the \"bson\" folder with an up-to-date version of libbson\u0027s source code and try building against it."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Consider using a security patched version of BSON::XS from a downstream packager or OS distribution."
            }
          ],
          "value": "Consider using a security patched version of BSON::XS from a downstream packager or OS distribution."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    "assignerShortName": "CPANSec",
    "cveId": "CVE-2025-40906",
    "datePublished": "2025-05-16T15:15:49.810Z",
    "dateReserved": "2025-04-16T09:05:34.360Z",
    "dateUpdated": "2025-09-09T13:54:31.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-36853 (GCVE-0-2025-36853)

Vulnerability from cvelistv5 – Published: 2025-09-08 13:48 – Updated: 2025-09-08 13:52
VLAI
Title
EOL .NET 6.0 Runtime Remote Code Execution Vulnerability
Summary
A vulnerability (CVE-2025-21172) exists in msdia140.dll due to integer overflow and heap-based overflow. Per CWE-122: Heap-based Buffer Overflow, a heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().‍ Per CWE-190: Integer Overflow or Wraparound, is when a product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
  • CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
Microsoft .NET 6.0 Affected: 6.0.0 , < 6.0.36 (custom)
Create a notification for this product.
Microsoft Microsoft.NetCore.App.Runtime.linux-arm Affected: >=6.0.0 , ≤ 6.0.36 (semver)
Create a notification for this product.
Microsoft Microsoft.NetCore.App.Runtime.linux-arm64 Affected: >=6.0.0 , ≤ 6.0.36 (semver)
Create a notification for this product.
Microsoft Microsoft.NetCore.App.Runtime.linux-musl-arm Affected: >=6.0.0 , ≤ 6.0.36 (semver)
Create a notification for this product.
Microsoft Microsoft.NetCore.App.Runtime.linux-musl-arm64 Affected: >=6.0.0 , ≤ 6.0.36 (semver)
Create a notification for this product.
Microsoft Microsoft.NetCore.App.Runtime.linux-musl-x64 Affected: >=6.0.0 , ≤ 6.0.36 (semver)
Create a notification for this product.
Microsoft Microsoft.NetCore.App.Runtime.linux-x64 Affected: >=6.0.0 , ≤ 6.0.36 (semver)
Create a notification for this product.
Microsoft Microsoft.NetCore.App.Runtime.osx-arm64 Affected: >=6.0.0 , ≤ 6.0.36 (semver)
Create a notification for this product.
Microsoft Microsoft.NetCore.App.Runtime.osx-x64 Affected: >=6.0.0 , ≤ 6.0.36 (semver)
Create a notification for this product.
Microsoft Microsoft.NetCore.App.Runtime.win-arm Affected: >=6.0.0 , ≤ 6.0.36 (semver)
Create a notification for this product.
Microsoft Microsoft.NetCore.App.Runtime.win-arm64 Affected: >=6.0.0 , ≤ 6.0.36 (semver)
Create a notification for this product.
Microsoft Microsoft.NetCore.App.Runtime.win-x64 Affected: >=6.0.0 , ≤ 6.0.36 (semver)
Create a notification for this product.
Microsoft Microsoft.NetCore.App.Runtime.win-x86 Affected: >=6.0.0 , ≤ 6.0.36 (semver)
Create a notification for this product.
Date Public
2025-01-14 08:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36853",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-08T13:52:31.457765Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-08T13:52:43.781Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows",
            "MacOS",
            "Linux"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.36",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "Microsoft.AspNetCore.Identity",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "Microsoft.NetCore.App.Runtime.linux-arm",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThanOrEqual": "6.0.36",
              "status": "affected",
              "version": "\u003e=6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "Microsoft.AspNetCore.Identity",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "Microsoft.NetCore.App.Runtime.linux-arm64",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThanOrEqual": "6.0.36",
              "status": "affected",
              "version": "\u003e=6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "Microsoft.AspNetCore.Identity",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "Microsoft.NetCore.App.Runtime.linux-musl-arm",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThanOrEqual": "6.0.36",
              "status": "affected",
              "version": "\u003e=6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "Microsoft.AspNetCore.Identity",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "Microsoft.NetCore.App.Runtime.linux-musl-arm64",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThanOrEqual": "6.0.36",
              "status": "affected",
              "version": "\u003e=6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "Microsoft.AspNetCore.Identity",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "Microsoft.NetCore.App.Runtime.linux-musl-x64",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThanOrEqual": "6.0.36",
              "status": "affected",
              "version": "\u003e=6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "Microsoft.AspNetCore.Identity",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "Microsoft.NetCore.App.Runtime.linux-x64",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThanOrEqual": "6.0.36",
              "status": "affected",
              "version": "\u003e=6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "Microsoft.AspNetCore.Identity",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "Microsoft.NetCore.App.Runtime.osx-arm64",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThanOrEqual": "6.0.36",
              "status": "affected",
              "version": "\u003e=6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "Microsoft.AspNetCore.Identity",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "Microsoft.NetCore.App.Runtime.osx-x64",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThanOrEqual": "6.0.36",
              "status": "affected",
              "version": "\u003e=6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "Microsoft.AspNetCore.Identity",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "Microsoft.NetCore.App.Runtime.win-arm",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThanOrEqual": "6.0.36",
              "status": "affected",
              "version": "\u003e=6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "Microsoft.AspNetCore.Identity",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "Microsoft.NetCore.App.Runtime.win-arm64",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThanOrEqual": "6.0.36",
              "status": "affected",
              "version": "\u003e=6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "Microsoft.AspNetCore.Identity",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "Microsoft.NetCore.App.Runtime.win-x64",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThanOrEqual": "6.0.36",
              "status": "affected",
              "version": "\u003e=6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "Microsoft.AspNetCore.Identity",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "Microsoft.NetCore.App.Runtime.win-x86",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThanOrEqual": "6.0.36",
              "status": "affected",
              "version": "\u003e=6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-01-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA vulnerability (CVE-2025-21172) exists in \u003cem\u003emsdia140.dll\u003c/em\u003e\u0026nbsp;due to integer overflow and heap-based overflow.\u003c/p\u003e \u003cp\u003ePer CWE-122: Heap-based Buffer Overflow, a heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as \u003cem\u003emalloc()\u003c/em\u003e.\u200d\u003c/p\u003e \u003cp\u003ePer CWE-190: Integer Overflow or Wraparound, is when a product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.\u003c/p\u003e \u003cp\u003e\u003cstrong\u003eNOTE:\u003c/strong\u003e This CVE affects only\u003cstrong\u003e End Of Life (EOL)\u003c/strong\u003e\u0026nbsp;software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability (CVE-2025-21172) exists in msdia140.dll\u00a0due to integer overflow and heap-based overflow.\n\n Per CWE-122: Heap-based Buffer Overflow, a heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().\u200d\n\n Per CWE-190: Integer Overflow or Wraparound, is when a product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.\n\n NOTE: This CVE affects only End Of Life (EOL)\u00a0software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en-US",
              "type": "CWE"
            },
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-08T13:48:43.492Z",
        "orgId": "36c7be3b-2937-45df-85ea-ca7133ea542c",
        "shortName": "HeroDevs"
      },
      "references": [
        {
          "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21172"
        },
        {
          "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172"
        }
      ],
      "title": "EOL .NET 6.0 Runtime Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36c7be3b-2937-45df-85ea-ca7133ea542c",
    "assignerShortName": "HeroDevs",
    "cveId": "CVE-2025-36853",
    "datePublished": "2025-09-08T13:48:43.492Z",
    "dateReserved": "2025-04-15T23:50:31.198Z",
    "dateUpdated": "2025-09-08T13:52:43.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-34297 (GCVE-0-2025-34297)

Vulnerability from cvelistv5 – Published: 2025-12-01 18:18 – Updated: 2026-07-14 22:25
VLAI
Title
KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc
Summary
KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can wrap to a small value when nfft is large. As a result, malloc() allocates an undersized buffer and the subsequent twiddle-factor initialization loop writes nfft elements, causing a heap buffer overflow. This vulnerability only affects 32-bit architectures.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
mborgerding/kissfft mborgerding/kissfft Affected: 0 , < 1b08316582049c3716154caefc0deab8758506e3 (git)
Create a notification for this product.
Credits
Sajeeb Lohani of Bugcrowd Security Innovation Lab
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34297",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-01T18:36:15.952712Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-01T18:37:26.779Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:github/mborgerding/kissfft",
          "platforms": [
            "32 bit"
          ],
          "product": "mborgerding/kissfft",
          "repo": "https://github.com/mborgerding/kissfft",
          "vendor": "mborgerding/kissfft",
          "versions": [
            {
              "lessThan": "1b08316582049c3716154caefc0deab8758506e3",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sajeeb Lohani of Bugcrowd Security Innovation Lab"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can wrap to a small value when nfft is large. As a result, malloc() allocates an undersized buffer and the subsequent twiddle-factor initialization loop writes nfft elements, causing a heap buffer overflow. This vulnerability only affects 32-bit architectures."
            }
          ],
          "value": "KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can wrap to a small value when nfft is large. As a result, malloc() allocates an undersized buffer and the subsequent twiddle-factor initialization loop writes nfft elements, causing a heap buffer overflow. This vulnerability only affects 32-bit architectures."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T22:25:55.819Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/mborgerding/kissfft/commit/1b08316582049c3716154caefc0deab8758506e3"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/mborgerding/kissfft/issues/120"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/kissfft-integer-overflow-heap-buffer-overflow"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34297",
    "datePublished": "2025-12-01T18:18:15.156Z",
    "dateReserved": "2025-04-15T19:15:22.582Z",
    "dateUpdated": "2026-07-14T22:25:55.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-33219 (GCVE-0-2025-33219)

Vulnerability from cvelistv5 – Published: 2026-01-28 17:48 – Updated: 2026-02-26 15:04
VLAI
Summary
NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
NVIDIA GeForce Affected: All driver versions prior to 590.48.01
Create a notification for this product.
NVIDIA GeForce Affected: All driver versions prior to 580.126.09
Create a notification for this product.
NVIDIA GeForce Affected: All driver versions prior to 570.211.01
Create a notification for this product.
NVIDIA GeForce Affected: All driver versions prior to 535.288.01
Create a notification for this product.
NVIDIA RTX PRO, RTX, Quadro Affected: All driver versions prior to 590.48.01
Create a notification for this product.
NVIDIA RTX PRO, RTX, Quadro Affected: All driver versions prior to 580.126.09
Create a notification for this product.
NVIDIA RTX PRO, RTX, Quadro Affected: All driver versions prior to 570.211.01
Create a notification for this product.
NVIDIA RTX PRO, RTX, Quadro Affected: All driver versions prior to 535.288.01
Create a notification for this product.
NVIDIA Tesla Affected: All driver versions prior to 590.48.01
Create a notification for this product.
NVIDIA Tesla Affected: All driver versions prior to 580.126.09
Create a notification for this product.
NVIDIA Tesla Affected: All driver versions prior to 570.211.01
Create a notification for this product.
NVIDIA Tesla Affected: All driver versions prior to 535.288.01
Create a notification for this product.
NVIDIA Guest driver Affected: 580.105.08(All versions prior to and including vGPU software 19.3)
Create a notification for this product.
NVIDIA Guest driver Affected: 570.195.03(All versions prior to and including vGPU software 18.5)
Create a notification for this product.
NVIDIA Guest driver Affected: 535.274.02(All versions prior to and including vGPU software 16.12)
Create a notification for this product.
NVIDIA Virtual GPU Manager Affected: 580.105.06(All versions prior to and including vGPU software 19.3)
Create a notification for this product.
NVIDIA Virtual GPU Manager Affected: 570.195.02(All versions prior to and including vGPU software 18.5)
Create a notification for this product.
NVIDIA Virtual GPU Manager Affected: 535.274.03(All versions prior to and including vGPU software 16.12)
Create a notification for this product.
NVIDIA Guest driver Affected: 580.105.08(All versions up to and including the November 2025 release)
Create a notification for this product.
NVIDIA Virtual GPU Manager Affected: 580.105.06(All versions up to and including the November 2025 release)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-33219",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T04:55:53.249554Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:46.284Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R590)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 590.48.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.126.09"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R570)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 570.211.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.288.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R590)"
          ],
          "product": "RTX PRO, RTX, Quadro",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 590.48.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "RTX PRO, RTX, Quadro",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.126.09"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R570)"
          ],
          "product": "RTX PRO, RTX, Quadro",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 570.211.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "RTX PRO, RTX, Quadro",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.288.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R590)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 590.48.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.126.09"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R570)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 570.211.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.288.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580 vGPU 19)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "580.105.08(All versions prior to and including vGPU software 19.3)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R570 vGPU 18)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "570.195.03(All versions prior to and including vGPU software 18.5)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535 vGPU 16)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "535.274.02(All versions prior to and including vGPU software 16.12)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "XenServer",
            "VMware vSphere",
            "Red Hat Enterprise Linux KVM",
            "Ubuntu(vGPU 19)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "580.105.06(All versions prior to and including vGPU software 19.3)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "XenServer",
            "VMware vSphere",
            "Red Hat Enterprise Linux KVM",
            "Ubuntu(vGPU 18)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "570.195.02(All versions prior to and including vGPU software 18.5)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "XenServer",
            "VMware vSphere",
            "Red Hat Enterprise Linux KVM",
            "Ubuntu(vGPU 16)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "535.274.03(All versions prior to and including vGPU software 16.12)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(Gaming)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "580.105.08(All versions up to and including the November 2025 release)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Red Hat Enterprise Linux KVM",
            "VMware vSphere(Gaming)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "580.105.06(All versions up to and including the November 2025 release)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure."
            }
          ],
          "value": "NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, escalation of privileges, data tampering, denial of service, information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T17:48:07.106Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33219"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33219"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5747"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2025-33219",
    "datePublished": "2026-01-28T17:48:07.106Z",
    "dateReserved": "2025-04-15T18:51:06.915Z",
    "dateUpdated": "2026-02-26T15:04:46.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-33218 (GCVE-0-2025-33218)

Vulnerability from cvelistv5 – Published: 2026-01-28 17:47 – Updated: 2026-02-26 15:04
VLAI
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
NVIDIA GeForce Affected: All driver versions prior to 591.59
Create a notification for this product.
NVIDIA RTX PRO, RTX, Quadro Affected: All driver versions prior to 591.59
Create a notification for this product.
NVIDIA RTX PRO, RTX, Quadro Affected: All driver versions prior to 582.16
Create a notification for this product.
NVIDIA RTX PRO, RTX, Quadro Affected: All driver versions prior to 573.96
Create a notification for this product.
NVIDIA RTX PRO, RTX, Quadro Affected: All driver versions prior to 539.64
Create a notification for this product.
NVIDIA Tesla Affected: All driver versions prior to 591.59
Create a notification for this product.
NVIDIA Tesla Affected: All driver versions prior to 582.16
Create a notification for this product.
NVIDIA Tesla Affected: All driver versions prior to 573.91
Create a notification for this product.
NVIDIA Tesla Affected: All driver versions prior to 539.64
Create a notification for this product.
NVIDIA Guest driver Affected: 581.80(All versions prior to and including vGPU software 19.3)
Create a notification for this product.
NVIDIA Guest driver Affected: 573.76(All versions prior to and including vGPU software 18.5)
Create a notification for this product.
NVIDIA Guest driver Affected: 539.56(All versions prior to and including vGPU software 16.12)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-33218",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T04:55:52.128183Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:46.571Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R590)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 591.59"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R590)"
          ],
          "product": "RTX PRO, RTX, Quadro",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 591.59"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "RTX PRO, RTX, Quadro",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 582.16"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R570)"
          ],
          "product": "RTX PRO, RTX, Quadro",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 573.96"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R535)"
          ],
          "product": "RTX PRO, RTX, Quadro",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 539.64"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R590)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 591.59"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 582.16"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R570)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 573.91"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R535)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 539.64"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580 vGPU 19)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "581.80(All versions prior to and including vGPU software 19.3)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R570 vGPU 18)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "573.76(All versions prior to and including vGPU software 18.5)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R535 vGPU 16)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "539.56(All versions prior to and including vGPU software 16.12)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure."
            }
          ],
          "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, escalation of privileges, data tampering, denial of service, information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T17:47:25.322Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33218"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33218"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5747"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2025-33218",
    "datePublished": "2026-01-28T17:47:25.322Z",
    "dateReserved": "2025-04-15T18:51:06.915Z",
    "dateUpdated": "2026-02-26T15:04:46.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Requirements

Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol.

Mitigation MIT-3
Requirements

Strategy: Language Selection

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • If possible, choose a language or compiler that performs automatic bounds checking.
Mitigation MIT-4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
  • Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
Mitigation MIT-8
Implementation

Strategy: Input Validation

  • Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
  • Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
Mitigation MIT-36
Implementation
  • Understand the programming language's underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
  • Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.
Mitigation MIT-15
Architecture and Design

For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Mitigation MIT-26
Implementation

Strategy: Compilation or Build Hardening

Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.

CAPEC-92: Forced Integer Overflow

This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.