nvd
Nasm
Vulnerabilities
75
Known exploited
0
Critical
3
High
5
Top products
Top vulnerabilities
CVE-2004-1287Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
CVE-2026-6068NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or remote code execution.
CVE-2008-7177Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.
CVE-2026-6069NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity.
CVE-2019-8343In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.
CVE-2022-44370NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856
CVE-2019-20352In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c.
CVE-2018-19755There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.
CVE-2008-2719Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.
CVE-2019-20334In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.
CVE-2022-46456NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
CVE-2026-6067A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.
CVE-2023-38668Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).
CVE-2023-38667Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.
CVE-2023-38665Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).
CVE-2023-31722There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).
CVE-2022-46457NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.
CVE-2022-44369NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.
CVE-2022-44368NASM v2.16 was discovered to contain a null pointer deference in the NASM component
CVE-2022-41420nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component
CVE-2022-29654Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.
CVE-2021-33452An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.
CVE-2021-33450An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.
CVE-2020-24978In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.
CVE-2020-24242In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory.