VYPR

NASM

by Nasm

Source repositories

CVEs (42)

  • CVE-2020-24978CriSep 4, 2020
    risk 0.64cvss 9.8epss 0.01

    In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.

  • CVE-2026-6068CriApr 10, 2026
    risk 0.62cvss 9.6epss 0.00

    NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption…

  • CVE-2023-31722HigMay 17, 2023
    risk 0.51cvss 7.8epss 0.00

    There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).

  • CVE-2022-44370HigMar 29, 2023
    risk 0.51cvss 7.8epss 0.00

    NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856

  • CVE-2019-8343HigFeb 15, 2019
    risk 0.51cvss 7.8epss 0.01

    In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.

  • CVE-2018-8883HigMar 20, 2018
    risk 0.51cvss 7.8epss 0.00

    Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.

  • CVE-2018-8882HigMar 20, 2018
    risk 0.51cvss 7.8epss 0.00

    Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.

  • CVE-2026-6069HigApr 10, 2026
    risk 0.49cvss 7.5epss 0.00

    NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity.

  • CVE-2018-8881HigMar 20, 2018
    risk 0.48cvss 7.3epss 0.01

    Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.

  • CVE-2022-46456MedJan 4, 2023
    risk 0.40cvss 6.1epss 0.00

    NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.

  • CVE-2026-6067MedApr 10, 2026
    risk 0.36cvss 5.5epss 0.00

    A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of…

  • CVE-2023-38668MedAug 22, 2023
    risk 0.36cvss 5.5epss 0.00

    Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).

  • CVE-2023-38667MedAug 22, 2023
    risk 0.36cvss 5.5epss 0.00

    Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.

  • CVE-2023-38665MedAug 22, 2023
    risk 0.36cvss 5.5epss 0.00

    Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).

  • CVE-2022-29654MedAug 22, 2023
    risk 0.36cvss 5.5epss 0.01

    Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.

  • CVE-2020-21687MedAug 22, 2023
    risk 0.36cvss 5.5epss 0.00

    Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.

  • CVE-2020-21686MedAug 22, 2023
    risk 0.36cvss 5.5epss 0.00

    A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.

  • CVE-2020-21685MedAug 22, 2023
    risk 0.36cvss 5.5epss 0.00

    Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.

  • CVE-2020-21528MedAug 22, 2023
    risk 0.36cvss 5.5epss 0.00

    A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.

  • CVE-2020-18780MedAug 22, 2023
    risk 0.36cvss 5.5epss 0.00

    A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command.

Page 1 of 3