CVE-2018-1000667
MEDIUMNASM < 2.14.0 - Memory Corruption via Crafted ASM File
Title source: llmDescription
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/cyrillos/nasm/issues/3
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.nasm.us/show_bug.cgi?id=3392507
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
Scores
CVSS v3
5.5
EPSS
0.0123
EPSS Percentile
65.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (2)
nasm/netwide_assembler
2.14.0 rc1 (15 CPE variants)
nasm/netwide_assembler
< 2.14.0
Published
Sep 06, 2018
Tracked Since
Feb 18, 2026