MidnightBSD

Advisories for hex-rays

CVE-2011-1049 MEDIUM

Buffer overflow in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Macho-O file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hex-rays ida 6.0
hex-rays ida 5.7
CVE-2011-1050 HIGH

Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to "converson of string encodings" and "inconsistencies in the handling of UTF8 sequences by the user interface."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hex-rays ida 6.0
hex-rays ida 5.7
CVE-2011-1051 HIGH

Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
hex-rays ida 6.0
hex-rays ida 5.7
CVE-2011-1052 HIGH

Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
hex-rays ida 6.0
hex-rays ida 5.7
CVE-2011-1053 MEDIUM

Unspecified vulnerability in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (out-of-memory exception and inability to analyze code) via a crafted Mach-O file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hex-rays ida 6.0
hex-rays ida 5.7
CVE-2011-1054 HIGH

Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hex-rays ida 6.0
hex-rays ida 5.7
CVE-2014-9458 HIGH

Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hex-rays ida *
CVE-2022-32441 MEDIUM

A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause a Denial of Service (DoS) via a crafted file. Related to Data from Faulting Address controls subsequent Write Address starting at msvcrt!memcpy+0x0000000000000056.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
hex-rays ida 6.6