Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    22 vulnerabilities by Bandisoft

    CVE-2025-33027 (GCVE-0-2025-33027)

    Vulnerability from nvd – Published: 2025-04-15 00:00 – Updated: 2025-10-24 19:21 Disputed
    VLAI
    Summary
    In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Bandizip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, Bandizip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via security-warning habituation, and because the intended control sphere for file-origin metadata (e.g., HostUrl in Zone.Identifier) may be narrower than that for reading the file's content.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-830 - Inclusion of Web Functionality from an Untrusted Source
    Assigner
    Impacted products
    Vendor Product Version
    Bandisoft Bandizip Affected: 0 , ≤ 7.37 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33027",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-15T17:50:46.511511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T17:51:05.694Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/EnisAksu/Argonis/blob/main/CVEs/CVE-2025-33027%20%28Bandizip%29/CVE-2025-33027.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Bandizip",
              "vendor": "Bandisoft",
              "versions": [
                {
                  "lessThanOrEqual": "7.37",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:bandisoft:bandizip:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "7.37",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Bandizip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, Bandizip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via security-warning habituation, and because the intended control sphere for file-origin metadata (e.g., HostUrl in Zone.Identifier) may be narrower than that for reading the file\u0027s content."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-830",
                  "description": "CWE-830 Inclusion of Web Functionality from an Untrusted Source",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-24T19:21:55.948Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://en.bandisoft.com/bandizip/"
            },
            {
              "url": "https://github.com/EnisAksu/Argonis/blob/main/CVEs/CVE-2025-33027%20%28Bandizip%29/CVE-2025-33027.md"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_generator": {
            "engine": "enrichogram 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-33027",
        "datePublished": "2025-04-15T00:00:00.000Z",
        "dateReserved": "2025-04-15T00:00:00.000Z",
        "dateUpdated": "2025-10-24T19:21:55.948Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45872 (GCVE-0-2024-45872)

    Vulnerability from nvd – Published: 2024-10-03 00:00 – Updated: 2024-10-03 19:29
    VLAI
    Summary
    Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    bandisoft bandiview Affected: 7.05
        cpe:2.3:a:bandisoft:bandiview:7.05:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:bandisoft:bandiview:7.05:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bandiview",
                "vendor": "bandisoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.05"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45872",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T19:23:06.292421Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-122",
                    "description": "CWE-122 Heap-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T19:29:53.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-03T16:24:08.901Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/Jaecho6053/BandiView_PoC"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45872",
        "datePublished": "2024-10-03T00:00:00.000Z",
        "dateReserved": "2024-09-11T00:00:00.000Z",
        "dateUpdated": "2024-10-03T19:29:53.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45871 (GCVE-0-2024-45871)

    Vulnerability from nvd – Published: 2024-10-03 00:00 – Updated: 2024-10-03 19:38
    VLAI
    Summary
    Bandisoft BandiView 7.05 is Incorrect Access Control via sub_0x232bd8 resulting in denial of service (DOS).
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    bandisoft bandiview Affected: 7.05
        cpe:2.3:a:bandisoft:bandiview:7.05:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:bandisoft:bandiview:7.05:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bandiview",
                "vendor": "bandisoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.05"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45871",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T19:32:42.871367Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T19:38:02.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bandisoft BandiView 7.05 is Incorrect Access Control via sub_0x232bd8 resulting in denial of service (DOS)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-03T16:28:07.876Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/Jaecho6053/BandiView_PoC"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45871",
        "datePublished": "2024-10-03T00:00:00.000Z",
        "dateReserved": "2024-09-11T00:00:00.000Z",
        "dateUpdated": "2024-10-03T19:38:02.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45870 (GCVE-0-2024-45870)

    Vulnerability from nvd – Published: 2024-10-03 00:00 – Updated: 2024-10-03 17:29
    VLAI
    Summary
    Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    bandisoft bandiview Affected: 7.05
        cpe:2.3:a:bandisoft:bandiview:7.05:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:bandisoft:bandiview:7.05:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bandiview",
                "vendor": "bandisoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.05"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45870",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T17:27:44.956607Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T17:29:07.616Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-03T15:56:02.297Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/Jaecho6053/BandiView_PoC"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45870",
        "datePublished": "2024-10-03T00:00:00.000Z",
        "dateReserved": "2024-09-11T00:00:00.000Z",
        "dateUpdated": "2024-10-03T17:29:07.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22526 (GCVE-0-2024-22526)

    Vulnerability from nvd – Published: 2024-04-12 00:00 – Updated: 2024-10-29 15:09
    VLAI
    Summary
    Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:51:10.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gist.github.com/GAP-dev/c33276a151c824300d68aecc317082a3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22526",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-15T13:37:43.995848Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T15:09:08.703Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-12T06:40:49.386Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gist.github.com/GAP-dev/c33276a151c824300d68aecc317082a3"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-22526",
        "datePublished": "2024-04-12T00:00:00.000Z",
        "dateReserved": "2024-01-11T00:00:00.000Z",
        "dateUpdated": "2024-10-29T15:09:08.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4863 (GCVE-0-2023-4863)

    Vulnerability from nvd – Published: 2023-09-12 14:24 – Updated: 2025-10-21 23:05
    VLAI CISA KEVIntel
    Summary
    Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Heap buffer overflow
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    URL Tags
    https://chromereleases.googleblog.com/2023/09/sta…
    https://crbug.com/1479274
    https://en.bandisoft.com/honeyview/history/
    https://stackdiary.com/critical-vulnerability-in-…
    https://www.mozilla.org/en-US/security/advisories…
    https://github.com/webmproject/libwebp/commit/902…
    https://msrc.microsoft.com/update-guide/vulnerabi…
    https://security-tracker.debian.org/tracker/CVE-2…
    https://bugzilla.suse.com/show_bug.cgi?id=1215231
    https://news.ycombinator.com/item?id=37478403
    https://www.bleepingcomputer.com/news/google/goog…
    https://www.debian.org/security/2023/dsa-5496
    https://www.debian.org/security/2023/dsa-5497
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.debian.org/debian-lts-announce/2023…
    https://lists.fedoraproject.org/archives/list/pac…
    https://www.debian.org/security/2023/dsa-5498
    https://security.gentoo.org/glsa/202309-05
    https://lists.debian.org/debian-lts-announce/2023…
    https://lists.fedoraproject.org/archives/list/pac…
    https://adamcaudill.com/2023/09/14/whose-cve-is-i…
    https://github.com/webmproject/libwebp/releases/t…
    https://lists.debian.org/debian-lts-announce/2023…
    https://lists.fedoraproject.org/archives/list/pac…
    http://www.openwall.com/lists/oss-security/2023/09/21/4
    https://blog.isosceles.com/the-webp-0day/
    http://www.openwall.com/lists/oss-security/2023/09/22/1
    http://www.openwall.com/lists/oss-security/2023/09/22/3
    http://www.openwall.com/lists/oss-security/2023/09/22/4
    http://www.openwall.com/lists/oss-security/2023/09/22/5
    http://www.openwall.com/lists/oss-security/2023/09/22/8
    http://www.openwall.com/lists/oss-security/2023/09/22/7
    http://www.openwall.com/lists/oss-security/2023/09/22/6
    http://www.openwall.com/lists/oss-security/2023/09/26/1
    http://www.openwall.com/lists/oss-security/2023/09/26/7
    http://www.openwall.com/lists/oss-security/2023/09/28/1
    http://www.openwall.com/lists/oss-security/2023/09/28/2
    http://www.openwall.com/lists/oss-security/2023/09/28/4
    https://security.netapp.com/advisory/ntap-2023092…
    https://lists.fedoraproject.org/archives/list/pac…
    https://sethmlarson.dev/security-developer-in-res…
    https://www.bentley.com/advisories/be-2023-0001/
    https://security.gentoo.org/glsa/202401-10
    https://www.vicarius.io/vsociety/posts/zero-day-w…
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 116.0.5845.187 , < 116.0.5845.187 (custom)
    Create a notification for this product.
    Google libwebp Affected: 1.3.2 , < 1.3.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-19T07:48:10.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://crbug.com/1479274"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://en.bandisoft.com/honeyview/history/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37478403"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5496"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5497"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5498"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202309-05"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.isosceles.com/the-webp-0day/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bentley.com/advisories/be-2023-0001/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202401-10"
              },
              {
                "url": "https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4863",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-28T05:00:18.341149Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-09-13",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:38.429Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-09-13T00:00:00.000Z",
                "value": "CVE-2023-4863 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "116.0.5845.187",
                  "status": "affected",
                  "version": "116.0.5845.187",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "libwebp",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "1.3.2",
                  "status": "affected",
                  "version": "1.3.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap buffer overflow",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-07T11:07:27.027Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"
            },
            {
              "url": "https://crbug.com/1479274"
            },
            {
              "url": "https://en.bandisoft.com/honeyview/history/"
            },
            {
              "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
            },
            {
              "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
            },
            {
              "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"
            },
            {
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"
            },
            {
              "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863"
            },
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37478403"
            },
            {
              "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"
            },
            {
              "url": "https://www.debian.org/security/2023/dsa-5496"
            },
            {
              "url": "https://www.debian.org/security/2023/dsa-5497"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"
            },
            {
              "url": "https://www.debian.org/security/2023/dsa-5498"
            },
            {
              "url": "https://security.gentoo.org/glsa/202309-05"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
            },
            {
              "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"
            },
            {
              "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4"
            },
            {
              "url": "https://blog.isosceles.com/the-webp-0day/"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"
            },
            {
              "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"
            },
            {
              "url": "https://www.bentley.com/advisories/be-2023-0001/"
            },
            {
              "url": "https://security.gentoo.org/glsa/202401-10"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2023-4863",
        "datePublished": "2023-09-12T14:24:59.275Z",
        "dateReserved": "2023-09-09T01:02:58.312Z",
        "dateUpdated": "2025-10-21T23:05:38.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26635 (GCVE-0-2021-26635)

    Vulnerability from nvd – Published: 2022-06-01 15:04 – Updated: 2024-08-03 20:26
    VLAI
    Title
    Bandisoft ARK Library buffer overflow vulnerability
    Summary
    In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bandisoft International Inc. ark library Affected: unspecified , ≤ 7.17 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows, Mac OS, Linux and etc."
              ],
              "product": "ark library",
              "vendor": "Bandisoft International Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "7.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-01T15:04:52.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Bandisoft ARK Library buffer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "ID": "CVE-2021-26635",
              "STATE": "PUBLIC",
              "TITLE": "Bandisoft ARK Library buffer overflow vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ark library",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows, Mac OS, Linux and etc.",
                                "version_affected": "\u003c=",
                                "version_value": "7.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bandisoft International Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747",
                  "refsource": "MISC",
                  "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2021-26635",
        "datePublished": "2022-06-01T15:04:52.000Z",
        "dateReserved": "2021-02-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:26:25.566Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26623 (GCVE-0-2021-26623)

    Vulnerability from nvd – Published: 2022-04-01 22:17 – Updated: 2024-08-03 20:26
    VLAI
    Title
    Bandisoft ARK Library Out-of-bound Vulnerability
    Summary
    A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bandisoft International Inc. Bandizip Affected: unspecified , ≤ 7.19 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.561Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66595"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "Bandizip",
              "vendor": "Bandisoft International Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "7.19",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability due to incomplete check for \u0027xheader_decode_path_record\u0027 function\u0027s parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-01T22:17:41.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66595"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Bandisoft ARK Library Out-of-bound Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "ID": "CVE-2021-26623",
              "STATE": "PUBLIC",
              "TITLE": "Bandisoft ARK Library Out-of-bound Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bandizip",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "7.19"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bandisoft International Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability due to incomplete check for \u0027xheader_decode_path_record\u0027 function\u0027s parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66595",
                  "refsource": "MISC",
                  "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66595"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2021-26623",
        "datePublished": "2022-04-01T22:17:41.000Z",
        "dateReserved": "2021-02-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:26:25.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26615 (GCVE-0-2021-26615)

    Vulnerability from nvd – Published: 2021-11-26 16:33 – Updated: 2024-08-03 20:26
    VLAI
    Title
    bandisoft ARK library integer overflow vulnerability
    Summary
    ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow.
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    Impacted products
    Vendor Product Version
    bandisoft ARK Affected: 7.13.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.531Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36361"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "ARK",
              "vendor": "bandisoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.13.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-26T16:33:59.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36361"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "bandisoft ARK library integer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "ID": "CVE-2021-26615",
              "STATE": "PUBLIC",
              "TITLE": "bandisoft ARK library integer overflow vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ARK",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "=",
                                "version_name": "7.13.0.3",
                                "version_value": "7.13.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "bandisoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-190 Integer Overflow or Wraparound"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36361",
                  "refsource": "MISC",
                  "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36361"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2021-26615",
        "datePublished": "2021-11-26T16:33:59.000Z",
        "dateReserved": "2021-02-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:26:25.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26603 (GCVE-0-2021-26603)

    Vulnerability from nvd – Published: 2021-09-09 11:16 – Updated: 2024-08-03 20:26
    VLAI
    Title
    bandisoft ARK library heap overflow vulnerability
    Summary
    A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    bandisoft ARK Affected: 7.13.0.3 , ≤ 7.13.0.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "ARK",
              "vendor": "bandisoft",
              "versions": [
                {
                  "lessThanOrEqual": "7.13.0.3",
                  "status": "affected",
                  "version": "7.13.0.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-09T11:16:32.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "bandisoft ARK library heap overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "ID": "CVE-2021-26603",
              "STATE": "PUBLIC",
              "TITLE": "bandisoft ARK library heap overflow vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ARK",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_name": "7.13.0.3",
                                "version_value": "7.13.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "bandisoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122 Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237",
                  "refsource": "MISC",
                  "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2021-26603",
        "datePublished": "2021-09-09T11:16:32.000Z",
        "dateReserved": "2021-02-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:26:25.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-1680 (GCVE-0-2014-1680)

    Vulnerability from nvd – Published: 2014-02-14 02:00 – Updated: 2024-08-06 09:50
    VLAI
    Summary
    Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-02-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:50:10.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "bandzip-dll-cve20141680-code-exec(90966)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90966"
              },
              {
                "name": "102979",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/102979"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bandisoft.com/bandizip/history"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/125059"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "bandzip-dll-cve20141680-code-exec(90966)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90966"
            },
            {
              "name": "102979",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/102979"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bandisoft.com/bandizip/history"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/125059"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-1680",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "bandzip-dll-cve20141680-code-exec(90966)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90966"
                },
                {
                  "name": "102979",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/102979"
                },
                {
                  "name": "http://www.bandisoft.com/bandizip/history",
                  "refsource": "MISC",
                  "url": "http://www.bandisoft.com/bandizip/history"
                },
                {
                  "name": "http://packetstormsecurity.com/files/125059",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/125059"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-1680",
        "datePublished": "2014-02-14T02:00:00.000Z",
        "dateReserved": "2014-01-26T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:50:10.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-33027 (GCVE-0-2025-33027)

    Vulnerability from cvelistv5 – Published: 2025-04-15 00:00 – Updated: 2025-10-24 19:21 Disputed
    VLAI
    Summary
    In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Bandizip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, Bandizip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via security-warning habituation, and because the intended control sphere for file-origin metadata (e.g., HostUrl in Zone.Identifier) may be narrower than that for reading the file's content.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-830 - Inclusion of Web Functionality from an Untrusted Source
    Assigner
    Impacted products
    Vendor Product Version
    Bandisoft Bandizip Affected: 0 , ≤ 7.37 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33027",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-15T17:50:46.511511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T17:51:05.694Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/EnisAksu/Argonis/blob/main/CVEs/CVE-2025-33027%20%28Bandizip%29/CVE-2025-33027.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Bandizip",
              "vendor": "Bandisoft",
              "versions": [
                {
                  "lessThanOrEqual": "7.37",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:bandisoft:bandizip:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "7.37",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Bandizip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, Bandizip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via security-warning habituation, and because the intended control sphere for file-origin metadata (e.g., HostUrl in Zone.Identifier) may be narrower than that for reading the file\u0027s content."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-830",
                  "description": "CWE-830 Inclusion of Web Functionality from an Untrusted Source",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-24T19:21:55.948Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://en.bandisoft.com/bandizip/"
            },
            {
              "url": "https://github.com/EnisAksu/Argonis/blob/main/CVEs/CVE-2025-33027%20%28Bandizip%29/CVE-2025-33027.md"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_generator": {
            "engine": "enrichogram 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-33027",
        "datePublished": "2025-04-15T00:00:00.000Z",
        "dateReserved": "2025-04-15T00:00:00.000Z",
        "dateUpdated": "2025-10-24T19:21:55.948Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45870 (GCVE-0-2024-45870)

    Vulnerability from cvelistv5 – Published: 2024-10-03 00:00 – Updated: 2024-10-03 17:29
    VLAI
    Summary
    Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    bandisoft bandiview Affected: 7.05
        cpe:2.3:a:bandisoft:bandiview:7.05:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:bandisoft:bandiview:7.05:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bandiview",
                "vendor": "bandisoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.05"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45870",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T17:27:44.956607Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T17:29:07.616Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-03T15:56:02.297Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/Jaecho6053/BandiView_PoC"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45870",
        "datePublished": "2024-10-03T00:00:00.000Z",
        "dateReserved": "2024-09-11T00:00:00.000Z",
        "dateUpdated": "2024-10-03T17:29:07.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45871 (GCVE-0-2024-45871)

    Vulnerability from cvelistv5 – Published: 2024-10-03 00:00 – Updated: 2024-10-03 19:38
    VLAI
    Summary
    Bandisoft BandiView 7.05 is Incorrect Access Control via sub_0x232bd8 resulting in denial of service (DOS).
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    bandisoft bandiview Affected: 7.05
        cpe:2.3:a:bandisoft:bandiview:7.05:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:bandisoft:bandiview:7.05:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bandiview",
                "vendor": "bandisoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.05"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45871",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T19:32:42.871367Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T19:38:02.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bandisoft BandiView 7.05 is Incorrect Access Control via sub_0x232bd8 resulting in denial of service (DOS)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-03T16:28:07.876Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/Jaecho6053/BandiView_PoC"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45871",
        "datePublished": "2024-10-03T00:00:00.000Z",
        "dateReserved": "2024-09-11T00:00:00.000Z",
        "dateUpdated": "2024-10-03T19:38:02.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45872 (GCVE-0-2024-45872)

    Vulnerability from cvelistv5 – Published: 2024-10-03 00:00 – Updated: 2024-10-03 19:29
    VLAI
    Summary
    Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    bandisoft bandiview Affected: 7.05
        cpe:2.3:a:bandisoft:bandiview:7.05:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:bandisoft:bandiview:7.05:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bandiview",
                "vendor": "bandisoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.05"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45872",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T19:23:06.292421Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-122",
                    "description": "CWE-122 Heap-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T19:29:53.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-03T16:24:08.901Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/Jaecho6053/BandiView_PoC"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-45872",
        "datePublished": "2024-10-03T00:00:00.000Z",
        "dateReserved": "2024-09-11T00:00:00.000Z",
        "dateUpdated": "2024-10-03T19:29:53.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22526 (GCVE-0-2024-22526)

    Vulnerability from cvelistv5 – Published: 2024-04-12 00:00 – Updated: 2024-10-29 15:09
    VLAI
    Summary
    Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:51:10.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gist.github.com/GAP-dev/c33276a151c824300d68aecc317082a3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22526",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-15T13:37:43.995848Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T15:09:08.703Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-12T06:40:49.386Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gist.github.com/GAP-dev/c33276a151c824300d68aecc317082a3"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-22526",
        "datePublished": "2024-04-12T00:00:00.000Z",
        "dateReserved": "2024-01-11T00:00:00.000Z",
        "dateUpdated": "2024-10-29T15:09:08.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4863 (GCVE-0-2023-4863)

    Vulnerability from cvelistv5 – Published: 2023-09-12 14:24 – Updated: 2025-10-21 23:05
    VLAI CISA KEVIntel
    Summary
    Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Heap buffer overflow
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    URL Tags
    https://chromereleases.googleblog.com/2023/09/sta…
    https://crbug.com/1479274
    https://en.bandisoft.com/honeyview/history/
    https://stackdiary.com/critical-vulnerability-in-…
    https://www.mozilla.org/en-US/security/advisories…
    https://github.com/webmproject/libwebp/commit/902…
    https://msrc.microsoft.com/update-guide/vulnerabi…
    https://security-tracker.debian.org/tracker/CVE-2…
    https://bugzilla.suse.com/show_bug.cgi?id=1215231
    https://news.ycombinator.com/item?id=37478403
    https://www.bleepingcomputer.com/news/google/goog…
    https://www.debian.org/security/2023/dsa-5496
    https://www.debian.org/security/2023/dsa-5497
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.debian.org/debian-lts-announce/2023…
    https://lists.fedoraproject.org/archives/list/pac…
    https://www.debian.org/security/2023/dsa-5498
    https://security.gentoo.org/glsa/202309-05
    https://lists.debian.org/debian-lts-announce/2023…
    https://lists.fedoraproject.org/archives/list/pac…
    https://adamcaudill.com/2023/09/14/whose-cve-is-i…
    https://github.com/webmproject/libwebp/releases/t…
    https://lists.debian.org/debian-lts-announce/2023…
    https://lists.fedoraproject.org/archives/list/pac…
    http://www.openwall.com/lists/oss-security/2023/09/21/4
    https://blog.isosceles.com/the-webp-0day/
    http://www.openwall.com/lists/oss-security/2023/09/22/1
    http://www.openwall.com/lists/oss-security/2023/09/22/3
    http://www.openwall.com/lists/oss-security/2023/09/22/4
    http://www.openwall.com/lists/oss-security/2023/09/22/5
    http://www.openwall.com/lists/oss-security/2023/09/22/8
    http://www.openwall.com/lists/oss-security/2023/09/22/7
    http://www.openwall.com/lists/oss-security/2023/09/22/6
    http://www.openwall.com/lists/oss-security/2023/09/26/1
    http://www.openwall.com/lists/oss-security/2023/09/26/7
    http://www.openwall.com/lists/oss-security/2023/09/28/1
    http://www.openwall.com/lists/oss-security/2023/09/28/2
    http://www.openwall.com/lists/oss-security/2023/09/28/4
    https://security.netapp.com/advisory/ntap-2023092…
    https://lists.fedoraproject.org/archives/list/pac…
    https://sethmlarson.dev/security-developer-in-res…
    https://www.bentley.com/advisories/be-2023-0001/
    https://security.gentoo.org/glsa/202401-10
    https://www.vicarius.io/vsociety/posts/zero-day-w…
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 116.0.5845.187 , < 116.0.5845.187 (custom)
    Create a notification for this product.
    Google libwebp Affected: 1.3.2 , < 1.3.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-19T07:48:10.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://crbug.com/1479274"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://en.bandisoft.com/honeyview/history/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37478403"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5496"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5497"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5498"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202309-05"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.isosceles.com/the-webp-0day/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bentley.com/advisories/be-2023-0001/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202401-10"
              },
              {
                "url": "https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4863",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-28T05:00:18.341149Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-09-13",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:38.429Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-09-13T00:00:00.000Z",
                "value": "CVE-2023-4863 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "116.0.5845.187",
                  "status": "affected",
                  "version": "116.0.5845.187",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "libwebp",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "1.3.2",
                  "status": "affected",
                  "version": "1.3.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap buffer overflow",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-07T11:07:27.027Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"
            },
            {
              "url": "https://crbug.com/1479274"
            },
            {
              "url": "https://en.bandisoft.com/honeyview/history/"
            },
            {
              "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
            },
            {
              "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
            },
            {
              "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"
            },
            {
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"
            },
            {
              "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863"
            },
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37478403"
            },
            {
              "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"
            },
            {
              "url": "https://www.debian.org/security/2023/dsa-5496"
            },
            {
              "url": "https://www.debian.org/security/2023/dsa-5497"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"
            },
            {
              "url": "https://www.debian.org/security/2023/dsa-5498"
            },
            {
              "url": "https://security.gentoo.org/glsa/202309-05"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
            },
            {
              "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"
            },
            {
              "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4"
            },
            {
              "url": "https://blog.isosceles.com/the-webp-0day/"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"
            },
            {
              "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"
            },
            {
              "url": "https://www.bentley.com/advisories/be-2023-0001/"
            },
            {
              "url": "https://security.gentoo.org/glsa/202401-10"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2023-4863",
        "datePublished": "2023-09-12T14:24:59.275Z",
        "dateReserved": "2023-09-09T01:02:58.312Z",
        "dateUpdated": "2025-10-21T23:05:38.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26635 (GCVE-0-2021-26635)

    Vulnerability from cvelistv5 – Published: 2022-06-01 15:04 – Updated: 2024-08-03 20:26
    VLAI
    Title
    Bandisoft ARK Library buffer overflow vulnerability
    Summary
    In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bandisoft International Inc. ark library Affected: unspecified , ≤ 7.17 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows, Mac OS, Linux and etc."
              ],
              "product": "ark library",
              "vendor": "Bandisoft International Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "7.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-01T15:04:52.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Bandisoft ARK Library buffer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "ID": "CVE-2021-26635",
              "STATE": "PUBLIC",
              "TITLE": "Bandisoft ARK Library buffer overflow vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ark library",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows, Mac OS, Linux and etc.",
                                "version_affected": "\u003c=",
                                "version_value": "7.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bandisoft International Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747",
                  "refsource": "MISC",
                  "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2021-26635",
        "datePublished": "2022-06-01T15:04:52.000Z",
        "dateReserved": "2021-02-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:26:25.566Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26623 (GCVE-0-2021-26623)

    Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2024-08-03 20:26
    VLAI
    Title
    Bandisoft ARK Library Out-of-bound Vulnerability
    Summary
    A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bandisoft International Inc. Bandizip Affected: unspecified , ≤ 7.19 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.561Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66595"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "Bandizip",
              "vendor": "Bandisoft International Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "7.19",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability due to incomplete check for \u0027xheader_decode_path_record\u0027 function\u0027s parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-01T22:17:41.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66595"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Bandisoft ARK Library Out-of-bound Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "ID": "CVE-2021-26623",
              "STATE": "PUBLIC",
              "TITLE": "Bandisoft ARK Library Out-of-bound Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bandizip",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "7.19"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bandisoft International Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability due to incomplete check for \u0027xheader_decode_path_record\u0027 function\u0027s parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66595",
                  "refsource": "MISC",
                  "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66595"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2021-26623",
        "datePublished": "2022-04-01T22:17:41.000Z",
        "dateReserved": "2021-02-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:26:25.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26615 (GCVE-0-2021-26615)

    Vulnerability from cvelistv5 – Published: 2021-11-26 16:33 – Updated: 2024-08-03 20:26
    VLAI
    Title
    bandisoft ARK library integer overflow vulnerability
    Summary
    ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow.
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    Impacted products
    Vendor Product Version
    bandisoft ARK Affected: 7.13.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.531Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36361"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "ARK",
              "vendor": "bandisoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.13.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-26T16:33:59.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36361"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "bandisoft ARK library integer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "ID": "CVE-2021-26615",
              "STATE": "PUBLIC",
              "TITLE": "bandisoft ARK library integer overflow vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ARK",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "=",
                                "version_name": "7.13.0.3",
                                "version_value": "7.13.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "bandisoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-190 Integer Overflow or Wraparound"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36361",
                  "refsource": "MISC",
                  "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36361"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2021-26615",
        "datePublished": "2021-11-26T16:33:59.000Z",
        "dateReserved": "2021-02-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:26:25.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26603 (GCVE-0-2021-26603)

    Vulnerability from cvelistv5 – Published: 2021-09-09 11:16 – Updated: 2024-08-03 20:26
    VLAI
    Title
    bandisoft ARK library heap overflow vulnerability
    Summary
    A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    bandisoft ARK Affected: 7.13.0.3 , ≤ 7.13.0.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "ARK",
              "vendor": "bandisoft",
              "versions": [
                {
                  "lessThanOrEqual": "7.13.0.3",
                  "status": "affected",
                  "version": "7.13.0.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-09T11:16:32.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "bandisoft ARK library heap overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "ID": "CVE-2021-26603",
              "STATE": "PUBLIC",
              "TITLE": "bandisoft ARK library heap overflow vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ARK",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_name": "7.13.0.3",
                                "version_value": "7.13.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "bandisoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122 Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237",
                  "refsource": "MISC",
                  "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2021-26603",
        "datePublished": "2021-09-09T11:16:32.000Z",
        "dateReserved": "2021-02-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:26:25.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-1680 (GCVE-0-2014-1680)

    Vulnerability from cvelistv5 – Published: 2014-02-14 02:00 – Updated: 2024-08-06 09:50
    VLAI
    Summary
    Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-02-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:50:10.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "bandzip-dll-cve20141680-code-exec(90966)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90966"
              },
              {
                "name": "102979",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/102979"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bandisoft.com/bandizip/history"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/125059"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "bandzip-dll-cve20141680-code-exec(90966)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90966"
            },
            {
              "name": "102979",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/102979"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bandisoft.com/bandizip/history"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/125059"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-1680",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "bandzip-dll-cve20141680-code-exec(90966)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90966"
                },
                {
                  "name": "102979",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/102979"
                },
                {
                  "name": "http://www.bandisoft.com/bandizip/history",
                  "refsource": "MISC",
                  "url": "http://www.bandisoft.com/bandizip/history"
                },
                {
                  "name": "http://packetstormsecurity.com/files/125059",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/125059"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-1680",
        "datePublished": "2014-02-14T02:00:00.000Z",
        "dateReserved": "2014-01-26T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:50:10.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }