CWE-122
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CVE-2025-15277 (GCVE-0-2025-15277)
Vulnerability from cvelistv5 – Published: 2025-12-31 06:59 – Updated: 2025-12-31 16:22
VLAI
Title
FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of scanlines within SGI files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27920.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
Date Public
2025-12-29 22:54
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-31T16:22:10.876749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T16:22:17.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FontForge",
"vendor": "FontForge",
"versions": [
{
"status": "affected",
"version": "88de9b7dc76fbdef9069b7664ecc280f1c15ba2f"
}
]
}
],
"dateAssigned": "2025-12-29T20:02:11.743Z",
"datePublic": "2025-12-29T22:54:57.830Z",
"descriptions": [
{
"lang": "en",
"value": "FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of scanlines within SGI files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27920."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T06:59:29.183Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-1186",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1186/"
}
],
"source": {
"lang": "en",
"value": "volticks (@movx64 on twitter)"
},
"title": "FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-15277",
"datePublished": "2025-12-31T06:59:29.183Z",
"dateReserved": "2025-12-29T20:02:11.712Z",
"dateUpdated": "2025-12-31T16:22:17.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15279 (GCVE-0-2025-15279)
Vulnerability from cvelistv5 – Published: 2025-12-31 06:59 – Updated: 2025-12-31 16:19
VLAI
Title
FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of pixels within BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27517.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
Date Public
2025-12-29 22:54
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-31T16:19:31.313184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T16:19:37.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FontForge",
"vendor": "FontForge",
"versions": [
{
"status": "affected",
"version": "387146a241b36bcdf6ce229c5a3fe367ed3854a1"
}
]
}
],
"dateAssigned": "2025-12-29T20:02:24.097Z",
"datePublic": "2025-12-29T22:54:02.069Z",
"descriptions": [
{
"lang": "en",
"value": "FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of pixels within BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27517."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T06:59:37.307Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-1184",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1184/"
}
],
"source": {
"lang": "en",
"value": "volticks (@movx64 on twitter)"
},
"title": "FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-15279",
"datePublished": "2025-12-31T06:59:37.307Z",
"dateReserved": "2025-12-29T20:02:24.068Z",
"dateUpdated": "2025-12-31T16:19:37.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1538 (GCVE-0-2025-1538)
Vulnerability from cvelistv5 – Published: 2025-02-21 15:00 – Updated: 2025-02-21 16:31 Unsupported When Assigned
VLAI
Title
D-Link DAP-1320 api set_ws_action heap-based overflow
Summary
A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.296479 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.296479 | signaturepermissions-required |
| https://vuldb.com/?submit.497301 | third-party-advisory |
| https://tasty-foxtrot-3a8.notion.site/D-link-DAP-… | related |
| https://legacy.us.dlink.com/pages/product.aspx?id… | related |
| https://tasty-foxtrot-3a8.notion.site/D-link-DAP-… | exploit |
| https://www.dlink.com/ | product |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1538",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-21T16:14:54.242704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T16:31:53.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DAP-1320",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "hand_king (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "de",
"value": "In D-Link DAP-1320 1.00 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion set_ws_action der Datei /dws/api/. Durch das Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T15:00:08.968Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-296479 | D-Link DAP-1320 api set_ws_action heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.296479"
},
{
"name": "VDB-296479 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.296479"
},
{
"name": "Submit #497301 | D-Link DAP-1320 1.00 Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.497301"
},
{
"tags": [
"related"
],
"url": "https://tasty-foxtrot-3a8.notion.site/D-link-DAP-1320-set_ws_action-Vulnerability-1950448e61958049be3cc606d434bc9d?pvs=74"
},
{
"tags": [
"related"
],
"url": "https://legacy.us.dlink.com/pages/product.aspx?id=4b2bbe2e3f1d440ea65bc56c7e3dcc5c"
},
{
"tags": [
"exploit"
],
"url": "https://tasty-foxtrot-3a8.notion.site/D-link-DAP-1320-set_ws_action-Vulnerability-1950448e61958049be3cc606d434bc9d"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2025-02-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-21T09:48:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DAP-1320 api set_ws_action heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1538",
"datePublished": "2025-02-21T15:00:08.968Z",
"dateReserved": "2025-02-21T08:43:29.593Z",
"dateUpdated": "2025-02-21T16:31:53.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-15533 (GCVE-0-2025-15533)
Vulnerability from cvelistv5 – Published: 2026-01-18 05:02 – Updated: 2026-02-23 08:36 X_Open Source
VLAI
Title
raysan5 raylib rtext.c GenImageFontAtlas heap-based overflow
Summary
A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called 5a3391fdce046bc5473e52afbd835dd2dc127146. Applying a patch is advised to resolve this issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.341705 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.341705 | signaturepermissions-required |
| https://vuldb.com/?submit.733341 | third-party-advisory |
| https://vuldb.com/?submit.733342 | third-party-advisory |
| https://github.com/raysan5/raylib/issues/5433 | issue-tracking |
| https://github.com/raysan5/raylib/pull/5450 | issue-tracking |
| https://github.com/oneafter/1224/blob/main/hbf2 | exploit |
| https://github.com/raysan5/raylib/commit/5a3391fd… | patch |
| https://github.com/raysan5/raylib/ | product |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T18:50:27.872620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T18:53:31.970Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "raylib",
"vendor": "raysan5",
"versions": [
{
"status": "affected",
"version": "909f040"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Oneafter (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called 5a3391fdce046bc5473e52afbd835dd2dc127146. Applying a patch is advised to resolve this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T08:36:44.598Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-341705 | raysan5 raylib rtext.c GenImageFontAtlas heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.341705"
},
{
"name": "VDB-341705 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.341705"
},
{
"name": "Submit #733341 | raysan5 raylib 909f040 Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.733341"
},
{
"name": "Submit #733342 | raysan5 raylib 909f040 Heap-based Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.733342"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/raysan5/raylib/issues/5433"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/raysan5/raylib/pull/5450"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/oneafter/1224/blob/main/hbf2"
},
{
"tags": [
"patch"
],
"url": "https://github.com/raysan5/raylib/commit/5a3391fdce046bc5473e52afbd835dd2dc127146"
},
{
"tags": [
"product"
],
"url": "https://github.com/raysan5/raylib/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-01-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-01-17T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-17T20:09:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "raysan5 raylib rtext.c GenImageFontAtlas heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15533",
"datePublished": "2026-01-18T05:02:08.672Z",
"dateReserved": "2026-01-17T16:11:40.667Z",
"dateUpdated": "2026-02-23T08:36:44.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15536 (GCVE-0-2025-15536)
Vulnerability from cvelistv5 – Published: 2026-01-18 09:02 – Updated: 2026-02-23 08:37 X_Open Source
VLAI
Title
BYVoid OpenCC MaxMatchSegmentation.cpp MaxMatchSegmentation heap-based overflow
Summary
A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.341708 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.341708 | signaturepermissions-required |
| https://vuldb.com/?submit.733347 | third-party-advisory |
| https://github.com/BYVoid/OpenCC/issues/997 | issue-tracking |
| https://github.com/BYVoid/OpenCC/pull/1005 | issue-tracking |
| https://github.com/oneafter/1222/blob/main/repro | exploit |
| https://github.com/BYVoid/OpenCC/commit/345c9a50a… | patch |
| https://github.com/BYVoid/OpenCC/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15536",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T17:06:49.316017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T17:07:00.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/BYVoid/OpenCC/issues/997"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenCC",
"vendor": "BYVoid",
"versions": [
{
"status": "affected",
"version": "1.1.0"
},
{
"status": "affected",
"version": "1.1.1"
},
{
"status": "affected",
"version": "1.1.2"
},
{
"status": "affected",
"version": "1.1.3"
},
{
"status": "affected",
"version": "1.1.4"
},
{
"status": "affected",
"version": "1.1.5"
},
{
"status": "affected",
"version": "1.1.6"
},
{
"status": "affected",
"version": "1.1.7"
},
{
"status": "affected",
"version": "1.1.8"
},
{
"status": "affected",
"version": "1.1.9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Oneafter (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T08:37:24.565Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-341708 | BYVoid OpenCC MaxMatchSegmentation.cpp MaxMatchSegmentation heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.341708"
},
{
"name": "VDB-341708 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.341708"
},
{
"name": "Submit #733347 | BYVoid OpenCC ver.1.1.9 and master-branch Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.733347"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/BYVoid/OpenCC/issues/997"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/BYVoid/OpenCC/pull/1005"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/oneafter/1222/blob/main/repro"
},
{
"tags": [
"patch"
],
"url": "https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec"
},
{
"tags": [
"product"
],
"url": "https://github.com/BYVoid/OpenCC/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-01-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-01-17T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-07T00:23:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "BYVoid OpenCC MaxMatchSegmentation.cpp MaxMatchSegmentation heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15536",
"datePublished": "2026-01-18T09:02:12.026Z",
"dateReserved": "2026-01-17T16:27:11.665Z",
"dateUpdated": "2026-02-23T08:37:24.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15537 (GCVE-0-2025-15537)
Vulnerability from cvelistv5 – Published: 2026-01-18 10:02 – Updated: 2026-02-23 08:37
VLAI
Title
Mapnik dbfile.cpp string_value heap-based overflow
Summary
A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.341709 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.341709 | signaturepermissions-required |
| https://vuldb.com/?submit.733348 | third-party-advisory |
| https://github.com/mapnik/mapnik/issues/4543 | issue-tracking |
| https://github.com/oneafter/1218/blob/main/repro | exploit |
| https://github.com/mapnik/mapnik/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15537",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T16:52:58.311049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T16:53:04.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/mapnik/mapnik/issues/4543"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mapnik",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Oneafter (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T08:37:39.469Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-341709 | Mapnik dbfile.cpp string_value heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.341709"
},
{
"name": "VDB-341709 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.341709"
},
{
"name": "Submit #733348 | mapnik Mapnik v4.2.0 and master-branch Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.733348"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/mapnik/mapnik/issues/4543"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/oneafter/1218/blob/main/repro"
},
{
"tags": [
"product"
],
"url": "https://github.com/mapnik/mapnik/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-01-17T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-07T00:23:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "Mapnik dbfile.cpp string_value heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15537",
"datePublished": "2026-01-18T10:02:07.636Z",
"dateReserved": "2026-01-17T16:29:49.299Z",
"dateUpdated": "2026-02-23T08:37:39.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1651 (GCVE-0-2025-1651)
Vulnerability from cvelistv5 – Published: 2025-03-13 16:51 – Updated: 2026-02-26 19:09
VLAI
Title
MODEL File Parsing Heap-Based Buffer Overflow Vulnerability
Summary
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-Based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.autodesk.com/products/autodesk-access… | patch |
| https://www.autodesk.com/support/technical/articl… | patch |
| https://www.autodesk.com/trust/security-advisorie… | vendor-advisory |
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Autodesk | AutoCAD |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) Affected: 2022 , < 2022.1.6 (custom) cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD Architecture |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) Affected: 2022 , < 2022.1.6 (custom) cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD Electrical |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) Affected: 2022 , < 2022.1.6 (custom) cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD Mechanical |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) Affected: 2022 , < 2022.1.6 (custom) cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD MEP |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) Affected: 2022 , < 2022.1.6 (custom) cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD Plant 3D |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) Affected: 2022 , < 2022.1.6 (custom) cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:* |
|
| Autodesk | Civil 3D |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) Affected: 2022 , < 2022.1.6 (custom) cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:* cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:* |
|
| Autodesk | Advance Steel |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) Affected: 2022 , < 2022.1.6 (custom) cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:* cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD MAP 3D |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) Affected: 2022 , < 2022.1.6 (custom) cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T03:55:33.668027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:09:32.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.1.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.1.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.1.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.1.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.1.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.1.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.1.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.1.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MAP 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.1.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-Based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:12:23.282Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Where-can-I-download-the-latest-update-of-AutoCAD-AutoCAD-LT-2022.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MODEL File Parsing Heap-Based Buffer Overflow Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-1651",
"datePublished": "2025-03-13T16:51:30.258Z",
"dateReserved": "2025-02-24T19:20:22.743Z",
"dateUpdated": "2026-02-26T19:09:32.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1656 (GCVE-0-2025-1656)
Vulnerability from cvelistv5 – Published: 2025-04-15 20:56 – Updated: 2026-02-26 18:28
VLAI
Title
PDF File Parsing Heap-based Overflow Vulnerability
Summary
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-Based Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.autodesk.com/products/autodesk-access… | patch |
| https://www.autodesk.com/trust/security-advisorie… | vendor-advisory |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Autodesk | Revit |
Affected:
2025 , < 2025.4.1
(custom)
Affected: 2024 , < 2024.3.2 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD |
Affected:
2025 , < 2025.1.3
(custom)
Affected: 2024 , < 2024.1.8 (custom) Affected: 2023 , < 2023.1.8 (custom) cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD LT |
Affected:
2025 , < 2025.1.3
(custom)
Affected: 2024 , < 2024.1.8 (custom) Affected: 2023 , < 2023.1.8 (custom) cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD Architecture |
Affected:
2025 , < 2025.1.3
(custom)
Affected: 2024 , < 2024.1.8 (custom) Affected: 2023 , < 2023.1.8 (custom) cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD Electrical |
Affected:
2025 , < 2025.1.3
(custom)
Affected: 2024 , < 2024.1.8 (custom) Affected: 2023 , < 2023.1.8 (custom) cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD MAP 3D |
Affected:
2025 , < 2025.1.3
(custom)
Affected: 2024 , < 2024.1.8 (custom) Affected: 2023 , < 2023.1.8 (custom) cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD Mechanical |
Affected:
2025 , < 2025.1.3
(custom)
Affected: 2024 , < 2024.1.8 (custom) Affected: 2023 , < 2023.1.8 (custom) cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD MEP |
Affected:
2025 , < 2025.1.3
(custom)
Affected: 2024 , < 2024.1.8 (custom) Affected: 2023 , < 2023.1.8 (custom) cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD Plant 3D |
Affected:
2025 , < 2025.1.3
(custom)
Affected: 2024 , < 2024.1.8 (custom) Affected: 2023 , < 2023.1.8 (custom) cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:* |
|
| Autodesk | Civil 3D |
Affected:
2025 , < 2025.1.3
(custom)
Affected: 2024 , < 2024.1.8 (custom) Affected: 2023 , < 2023.1.8 (custom) cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:* |
|
| Autodesk | Advance Steel |
Affected:
2025 , < 2025.1.3
(custom)
Affected: 2024 , < 2024.1.8 (custom) Affected: 2023 , < 2023.1.8 (custom) cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T03:55:36.223028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:16.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Revit",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3.2",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MAP 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-Based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T18:45:41.097Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PDF File Parsing Heap-based Overflow Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-1656",
"datePublished": "2025-04-15T20:56:30.567Z",
"dateReserved": "2025-02-24T20:01:54.134Z",
"dateUpdated": "2026-02-26T18:28:16.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1788 (GCVE-0-2025-1788)
Vulnerability from cvelistv5 – Published: 2025-03-01 12:31 – Updated: 2025-03-03 20:37
VLAI
Title
rizinorg rizin utf8.c rz_utf8_encode heap-based overflow
Summary
A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rz_utf8_encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
Severity
5.3 (Medium)
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.298011 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.298011 | signaturepermissions-required |
| https://vuldb.com/?submit.502345 | third-party-advisory |
| https://github.com/rizinorg/rizin/issues/4910 | issue-tracking |
| https://github.com/rizinorg/rizin/issues/4910#iss… | issue-tracking |
| https://github.com/user-attachments/files/1881709… | exploit |
| https://github.com/rizinorg/rizin/pull/4762 | issue-trackingpatch |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1788",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T20:37:17.465931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T20:37:29.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/rizinorg/rizin/issues/4910#issuecomment-2662963253"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rizin",
"vendor": "rizinorg",
"versions": [
{
"status": "affected",
"version": "0.1"
},
{
"status": "affected",
"version": "0.2"
},
{
"status": "affected",
"version": "0.3"
},
{
"status": "affected",
"version": "0.4"
},
{
"status": "affected",
"version": "0.5"
},
{
"status": "affected",
"version": "0.6"
},
{
"status": "affected",
"version": "0.7"
},
{
"status": "affected",
"version": "0.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wenjusun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rz_utf8_encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in rizinorg rizin bis 0.8.0 gefunden. Hiervon betroffen ist die Funktion rz_utf8_encode in der Bibliothek /librz/util/utf8.c. Durch Beeinflussen mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T12:31:08.574Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298011 | rizinorg rizin utf8.c rz_utf8_encode heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298011"
},
{
"name": "VDB-298011 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298011"
},
{
"name": "Submit #502345 | https://github.com/rizinorg/rizin rizin/rz-bin 309f57434dfa17954f02cdcbb3a2ac4108651767 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.502345"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/rizinorg/rizin/issues/4910"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/rizinorg/rizin/issues/4910#issuecomment-2662963253"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/18817099/rz-bin-poc-01.zip"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/rizinorg/rizin/pull/4762"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-28T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-28T18:11:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "rizinorg rizin utf8.c rz_utf8_encode heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1788",
"datePublished": "2025-03-01T12:31:08.574Z",
"dateReserved": "2025-02-28T17:06:09.261Z",
"dateUpdated": "2025-03-03T20:37:29.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20128 (GCVE-0-2025-20128)
Vulnerability from cvelistv5 – Published: 2025-01-22 16:21 – Updated: 2025-11-03 18:08
VLAI
Title
ClamAV OLE2 File Format Decryption Denial of Service Vulnerability
Summary
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.
For a description of this vulnerability, see the .
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 7.2.5 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.12.7 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.0 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T16:54:39.076758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:40:10.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:43.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the .\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T16:21:12.329Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-ole2-H549rphA",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA"
},
{
"name": "ClamAV blog",
"url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html"
}
],
"source": {
"advisory": "cisco-sa-clamav-ole2-H549rphA",
"defects": [
"CSCwm83037"
],
"discovery": "INTERNAL"
},
"title": "ClamAV OLE2 File Format Decryption Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20128",
"datePublished": "2025-01-22T16:21:12.329Z",
"dateReserved": "2024-10-10T19:15:13.212Z",
"dateUpdated": "2025-11-03T18:08:43.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phases:
Description:
- Pre-design: Use a language or compiler that performs automatic bounds checking.
Mitigation
Phase: Architecture and Design
Description:
- Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation
Phase: Implementation
Description:
- Implement and perform bounds checking on input.
Mitigation
Phase: Implementation
Strategy: Libraries or Frameworks
Description:
- Do not use dangerous functions such as gets. Look for their safe equivalent, which checks for the boundary.
Mitigation
Phase: Operation
Description:
- Use OS-level preventative functionality. This is not a complete solution, but it provides some defense in depth.
CAPEC-92: Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.