Filtered by CWE-823
Total 46 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-21147 1 Estsoft 1 Alyac 2022-05-23 5.5 Medium
An out-of-bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-6112 1 Gonitro 1 Nitro Pro 2022-05-12 7.8 High
An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile, which allows the decoder to write out of bounds and cause memory corruption. This can result in code execution. A specially crafted image can be embedded inside a PDF and loaded by a victim in order to trigger this vulnerability.
CVE-2021-3888 1 Libmobi Project 1 Libmobi 2022-04-25 8.1 High
libmobi is vulnerable to Use of Out-of-range Pointer Offset.
CVE-2021-3889 1 Libmobi Project 1 Libmobi 2021-10-25 8.1 High
libmobi is vulnerable to Use of Out-of-range Pointer Offset.
CVE-2021-22550 1 Google 1 Asylo 2021-06-22 7.8 High
An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c
CVE-2020-8904 1 Google 1 Asylo 2020-08-13 9.6 Critical
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later.