CVE-2024-8025

HIGH Year: 2024
CVSS v3 Score
7.0
High
Weakness Type
CWE-122
View all →

Vulnerability Description

Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NRW files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19873.

Related Vulnerabilities

CVE-2018-1165

HIGH
CVSS:7.0(High)

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute l...

CWE-1222018

CVE-2022-24052

HIGH
CVSS:7.0(High)

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Aut...

CWE-1222022

CVE-2023-21733

HIGH
CVSS:7.0(High)

Windows Bind Filter Driver Elevation of Privilege Vulnerability

CWE-1222023

CVE-2023-28218

HIGH
CVSS:7.0(High)

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CWE-1222023

CVE-2023-4504

HIGH
CVSS:7.0(High)

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue...

CWE-1222023

CVE-2024-43522

HIGH
CVSS:7.0(High)

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

CWE-1222024