Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1287: Out-of-bounds Write in Nasm

Severity
10.0 CRITICAL NVD
NVD 4.6
EPSS
16.4% (top 5.10%)
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Jan 10
Latest update: Feb 12

Description

Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (5 packages)

debian: debian/nasm < nasm 0.98.38-1.1 (bookworm) +1
Debian: nasm/nasm < 0.98.38-1.1 +7

Also affects: Enterprise Linux 2.1, 3.0, 4.0

🔴 Vulnerability Details (4)

GHSA: GHSA-pc6g-x96w-gjr7: Stack-based buffer overflow in the ieee_putascii function for nasm 0 (2022-05-01)
GHSA: GHSA-vq2p-3c23-ghfm: Buffer overflow in the error function in preproc (2022-04-29)
OSV: CVE-2005-1194: Stack-based buffer overflow in the ieee_putascii function for nasm 0 (2005-05-04)
OSV: CVE-2004-1287: Buffer overflow in the error function in preproc (2005-01-10)

💥 Exploits & PoCs (1)

Exploit-DB: NASM 0.98.x - Error Preprocessor Directive Buffer Overflow (2004-12-15)

📋 Vendor Advisories (6)

Red Hat: postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (2026-02-12)
Red Hat: security flaw (2005-03-31)
Debian: CVE-2005-1194: nasm - Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earl... (2005)
Ubuntu: nasm vulnerability (2004-12-22)
Red Hat: security flaw (2004-12-15)

💬 Community (2)

Bugzilla: CVE-2005-1194 security flaw (2018-08-16)
Bugzilla: CVE-2004-1287 security flaw (2018-08-16)