Search Results (3818 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-54502 1 Ohler 1 Oj 2026-07-01 N/A
Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.dump is vulnerable to a stack-based buffer overflow when a large :indent value is provided by the developer. fill_indent in dump.h calls memset(indent_str, ' ', (size_t)opts->indent) without validating the size. When opts->indent is set to INT_MAX (2,147,483,647), the (size_t) cast preserves the large value and memset writes 2 GB into the stack-allocated out buffer (4,184 bytes), corrupting the stack and crashing the process. This issue has been fixed in version 3.17.2.
CVE-2026-6687 2026-07-01 7.6 High
FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel() because exFAT label length (XDIR_NumLabel) is trusted without enforcing spec maximums. This maps to CWE-121 (Stack-based Buffer Overflow). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total.
CVE-2026-43958 1 Redhat 1 Enterprise Linux 2026-07-01 7.8 High
A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary code execution, impacting the integrity and confidentiality of data.
CVE-2026-9105 1 Tp-link 1 Tl-wr841n V14 2026-07-01 N/A
An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process. Successful exploitation results in a denial-of-service condition, causing the device to crash and automatically reboot.
CVE-2025-5278 1 Redhat 5 Discovery, Enterprise Linux, Insights Proxy and 2 more 2026-07-01 4.4 Medium
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
CVE-2026-13518 1 Tenda 1 Jd12l 2026-06-30 8.8 High
A vulnerability has been found in Tenda JD12L 16.03.53.23. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVE-2025-6170 2 Redhat, Xmlsoft 6 Enterprise Linux, Hummingbird, Jboss Core Services and 3 more 2026-06-30 2.5 Low
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.
CVE-2025-6021 2 Redhat, Xmlsoft 30 Discovery, Enterprise Linux, Enterprise Linux Eus and 27 more 2026-06-30 7.5 High
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
CVE-2025-9820 1 Redhat 8 Ceph Storage, Discovery, Enterprise Linux and 5 more 2026-06-30 4 Medium
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.
CVE-2026-0719 1 Redhat 9 Enterprise Linux, Enterprise Linux Eus, Openshift Devspaces and 6 more 2026-06-30 8.6 High
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
CVE-2025-46398 2 Fig2dev Project, Redhat 2 Fig2dev, Enterprise Linux 2026-06-30 5.5 Medium
In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.
CVE-2025-46397 2 Fig2dev Project, Redhat 3 Fig2dev, Enterprise Linux, Rhel Eus 2026-06-30 7.8 High
A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.
CVE-2026-43718 1 Apple 3 Ios And Ipados, Macos, Safari 2026-06-30 6.5 Medium
A stack overflow was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-48796 1 Redhat 1 Enterprise Linux 2026-06-30 7.3 High
A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If a user opens.ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrary code execution.
CVE-2025-12464 1 Redhat 2 Enterprise Linux, Openshift 2026-06-29 6.2 Medium
A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of service.
CVE-2026-13573 1 Llvm 1 Llvm-project 2026-06-29 3.3 Low
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2025-26595 3 Redhat, Tigervnc, X.org 9 Enterprise Linux, Rhel Aus, Rhel E4s and 6 more 2026-06-29 7.8 High
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.
CVE-2026-36908 1 Axiomatic 1 Bento4 2026-06-29 5.5 Medium
A stack overflow in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of axiomatic-systems Bento4 before v1.8.9allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
CVE-2026-36907 1 Axiomatic 1 Bento4 2026-06-29 5.5 Medium
A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component of axiomatic-systems Bento4 before v1.8.9allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
CVE-2026-57879 2 Geovision, Geovision Inc. 2 Gv-lpc2011, Gv-lpclpc2011 2211 2026-06-29 9.8 Critical
An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by sending a crafted RTSP request, resulting in memory corruption, denial of service, or potentially arbitrary code execution.