IDA Pro
by Hex Rays
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45181 | Med | 0.42 | 6.5 | 0.00 | May 9, 2026 | Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file. | ||
| CVE-2024-44083 | 0.01 | — | 0.01 | Aug 19, 2024 | ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue. | |||
| CVE-2022-32441 | 0.00 | — | 0.01 | Jul 7, 2022 | A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause a Denial of Service (DoS) via a crafted file. Related to Data from Faulting Address controls subsequent Write Address starting at msvcrt!memcpy+0x0000000000000056. | |||
| CVE-2014-9458 | 0.00 | — | 0.02 | Jan 2, 2015 | Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors. | |||
| CVE-2011-1054 | 0.00 | — | 0.01 | Feb 21, 2011 | Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors. | |||
| CVE-2011-1053 | 0.00 | — | 0.01 | Feb 21, 2011 | Unspecified vulnerability in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (out-of-memory exception and inability to analyze code) via a crafted Mach-O file. | |||
| CVE-2011-1052 | 0.00 | — | 0.01 | Feb 21, 2011 | Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation. | |||
| CVE-2011-1051 | 0.00 | — | 0.01 | Feb 21, 2011 | Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation. | |||
| CVE-2011-1050 | 0.00 | — | 0.02 | Feb 21, 2011 | Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to "converson of string encodings" and "inconsistencies in the handling of UTF8 sequences by the user interface." | |||
| CVE-2011-1049 | 0.00 | — | 0.04 | Feb 21, 2011 | Buffer overflow in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Macho-O file. | |||
| CVE-2007-1666 | 0.00 | — | 0.03 | Mar 24, 2007 | The processor_request function in the debugger server for DataRescue IDA Pro 5.0 and 5.1 does not verify that authentication has taken place before invoking the perform_request function, which allows remote attackers to perform unauthorized actions. | |||
| CVE-2005-0770 | 0.00 | — | 0.03 | May 2, 2005 | Format string vulnerability in DataRescue Interactive Disassembler and Debugger (IDA) Pro 4.7.0.830 allows remote attackers or local users to cause a denial of service (CPU consumption or application crash) and possibly execute arbitrary code via format string specifiers in a… |
- risk 0.42cvss 6.5epss 0.00
Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file.
- CVE-2024-44083Aug 19, 2024risk 0.01cvss —epss 0.01
ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue.
- CVE-2022-32441Jul 7, 2022risk 0.00cvss —epss 0.01
A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause a Denial of Service (DoS) via a crafted file. Related to Data from Faulting Address controls subsequent Write Address starting at msvcrt!memcpy+0x0000000000000056.
- CVE-2014-9458Jan 2, 2015risk 0.00cvss —epss 0.02
Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors.
- CVE-2011-1054Feb 21, 2011risk 0.00cvss —epss 0.01
Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors.
- CVE-2011-1053Feb 21, 2011risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (out-of-memory exception and inability to analyze code) via a crafted Mach-O file.
- CVE-2011-1052Feb 21, 2011risk 0.00cvss —epss 0.01
Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.
- CVE-2011-1051Feb 21, 2011risk 0.00cvss —epss 0.01
Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.
- CVE-2011-1050Feb 21, 2011risk 0.00cvss —epss 0.02
Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to "converson of string encodings" and "inconsistencies in the handling of UTF8 sequences by the user interface."
- CVE-2011-1049Feb 21, 2011risk 0.00cvss —epss 0.04
Buffer overflow in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Macho-O file.
- CVE-2007-1666Mar 24, 2007risk 0.00cvss —epss 0.03
The processor_request function in the debugger server for DataRescue IDA Pro 5.0 and 5.1 does not verify that authentication has taken place before invoking the perform_request function, which allows remote attackers to perform unauthorized actions.
- CVE-2005-0770May 2, 2005risk 0.00cvss —epss 0.03
Format string vulnerability in DataRescue Interactive Disassembler and Debugger (IDA) Pro 4.7.0.830 allows remote attackers or local users to cause a denial of service (CPU consumption or application crash) and possibly execute arbitrary code via format string specifiers in a…