VYPR

Vendor CVEs

Nasm

All CVEs

73 total · sorted by risk
  • CVE-2026-6068CriApr 10, 2026
    risk 0.62cvss 9.6epss 0.00

    NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption…

  • CVE-2018-10254HigApr 21, 2018
    risk 0.51cvss 7.8epss 0.01

    Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.

  • CVE-2018-8883HigMar 20, 2018
    risk 0.51cvss 7.8epss 0.00

    Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.

  • CVE-2018-8882HigMar 20, 2018
    risk 0.51cvss 7.8epss 0.00

    Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.

  • CVE-2017-11111HigJul 8, 2017
    risk 0.51cvss 7.8epss 0.02

    In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

  • CVE-2017-10686HigJun 29, 2017
    risk 0.51cvss 7.8epss 0.03

    In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that…

  • CVE-2026-6069HigApr 10, 2026
    risk 0.49cvss 7.5epss 0.00

    NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity.

  • CVE-2017-17818HigDec 21, 2017
    risk 0.49cvss 7.5epss 0.03

    In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.

  • CVE-2018-8881HigMar 20, 2018
    risk 0.48cvss 7.3epss 0.01

    Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.

  • CVE-2026-6067MedApr 10, 2026
    risk 0.36cvss 5.5epss 0.00

    A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of…

  • CVE-2018-16999MedSep 13, 2018
    risk 0.36cvss 5.5epss 0.01

    Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.

  • CVE-2018-1000667MedSep 6, 2018
    risk 0.36cvss 5.5epss 0.01

    NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at…

  • CVE-2018-10316MedApr 24, 2018
    risk 0.36cvss 5.5epss 0.01

    Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.

  • CVE-2017-17820MedDec 21, 2017
    risk 0.36cvss 5.5epss 0.01

    In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.

  • CVE-2017-17819MedDec 21, 2017
    risk 0.36cvss 5.5epss 0.01

    In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.

  • CVE-2017-17817MedDec 21, 2017
    risk 0.36cvss 5.5epss 0.01

    In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.

  • CVE-2017-17816MedDec 21, 2017
    risk 0.36cvss 5.5epss 0.01

    In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.

  • CVE-2017-17815MedDec 21, 2017
    risk 0.36cvss 5.5epss 0.01

    In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.

  • CVE-2017-17814MedDec 21, 2017
    risk 0.36cvss 5.5epss 0.01

    In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.

  • CVE-2017-17813MedDec 21, 2017
    risk 0.36cvss 5.5epss 0.01

    In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.

  • CVE-2017-17812MedDec 21, 2017
    risk 0.36cvss 5.5epss 0.01

    In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.

  • CVE-2017-17811MedDec 21, 2017
    risk 0.36cvss 5.5epss 0.01

    In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.

  • CVE-2017-17810MedDec 21, 2017
    risk 0.36cvss 5.5epss 0.01

    In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.

  • CVE-2017-14228MedSep 9, 2017
    risk 0.36cvss 5.5epss 0.01

    In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.

  • CVE-2025-8846MedAug 11, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be…

  • CVE-2025-8845MedAug 11, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the…

  • CVE-2025-8843MedAug 11, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public…

  • CVE-2025-8842MedAug 11, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be…

  • CVE-2025-8844LowAug 11, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the…

  • CVE-2008-2719Jun 16, 2008
    risk 0.04cvss epss 0.10

    Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.

  • CVE-2004-1287Jan 10, 2005
    risk 0.04cvss epss 0.18

    Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.

  • CVE-2020-21685Aug 22, 2023
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.

  • CVE-2023-38668Aug 22, 2023
    risk 0.00cvss epss 0.00

    Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).

  • CVE-2020-21686Aug 22, 2023
    risk 0.00cvss epss 0.00

    A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.

  • CVE-2020-21687Aug 22, 2023
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.

  • CVE-2022-29654Aug 22, 2023
    risk 0.00cvss epss 0.01

    Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.

  • CVE-2020-21528Aug 22, 2023
    risk 0.00cvss epss 0.00

    A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.

  • CVE-2020-18780Aug 22, 2023
    risk 0.00cvss epss 0.00

    A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command.

  • CVE-2023-38667Aug 22, 2023
    risk 0.00cvss epss 0.00

    Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.

  • CVE-2023-38665Aug 22, 2023
    risk 0.00cvss epss 0.00

    Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).

  • CVE-2023-31722May 17, 2023
    risk 0.00cvss epss 0.00

    There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).

  • CVE-2022-44370Mar 29, 2023
    risk 0.00cvss epss 0.00

    NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856

  • CVE-2022-44369Mar 29, 2023
    risk 0.00cvss epss 0.00

    NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.

  • CVE-2022-44368Mar 29, 2023
    risk 0.00cvss epss 0.00

    NASM v2.16 was discovered to contain a null pointer deference in the NASM component

  • CVE-2022-46457Jan 4, 2023
    risk 0.00cvss epss 0.00

    NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.

  • CVE-2022-46456Jan 4, 2023
    risk 0.00cvss epss 0.00

    NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.

  • CVE-2022-41420Oct 3, 2022
    risk 0.00cvss epss 0.00

    nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component

  • CVE-2021-33452Jul 26, 2022
    risk 0.00cvss epss 0.00

    An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.

  • CVE-2021-33450Jul 26, 2022
    risk 0.00cvss epss 0.00

    An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.

  • CVE-2021-45257Dec 22, 2021
    risk 0.00cvss epss 0.01

    An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.

Page 1 of 2