CVE-2004-1287
Published 2005-01-10
CVE-2004-1287: Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different…
Priority P3 · 45 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 17.88% (96.8th percentile)
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nasm | < nasm 0.98.38-1.1 (bookworm) | nasm 0.98.38-1.1 (bookworm) |
| debian | nasm | < nasm 0.98.38-1.2 (bookworm) | nasm 0.98.38-1.2 (bookworm) |
| nasm | nasm | >= 0 < 0.98.38-1.1 | 0.98.38-1.1 |
| nasm | nasm | >= 0 < 0.98.38-1.2 | 0.98.38-1.2 |
| nasm | nasm | >= 0 < 0.98.38-1.1 | 0.98.38-1.1 |
| nasm | nasm | >= 0 < 0.98.38-1.2 | 0.98.38-1.2 |
| nasm | nasm | >= 0 < 0.98.38-1.1 | 0.98.38-1.1 |
| nasm | nasm | >= 0 < 0.98.38-1.2 | 0.98.38-1.2 |
| nasm | nasm | >= 0 < 0.98.38-1.1 | 0.98.38-1.1 |
| nasm | nasm | >= 0 < 0.98.38-1.2 | 0.98.38-1.2 |
| nasm | netwide_assembler | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | linux_advanced_workstation | — | — |
CVSS provenance
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
osv · 10.0 · CRITICAL
vendor_debian · 10.0 · CRITICAL
vendor_redhat · 10.0 · CRITICAL
GHSA
GHSA-pc6g-x96w-gjr7: Stack-based buffer overflow in the ieee_putascii function for nasm 0
ghsa_unreviewed·2022-05-01·CVSS 10.0
CVE-2005-1194 [CRITICAL] GHSA-pc6g-x96w-gjr7: Stack-based buffer overflow in the ieee_putascii function for nasm 0
Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
GHSA
GHSA-vq2p-3c23-ghfm: Buffer overflow in the error function in preproc
ghsa_unreviewed·2022-04-29·CVSS 4.6
CVE-2004-1287 [MEDIUM] CWE-787 GHSA-vq2p-3c23-ghfm: Buffer overflow in the error function in preproc
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
OSV
CVE-2005-1194: Stack-based buffer overflow in the ieee_putascii function for nasm 0
osv·2005-05-04·CVSS 10.0
CVE-2005-1194 [CRITICAL] CVE-2005-1194: Stack-based buffer overflow in the ieee_putascii function for nasm 0
Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
OSV
CVE-2004-1287: Buffer overflow in the error function in preproc
osv·2005-01-10·CVSS 10.0
CVE-2004-1287 [CRITICAL] CVE-2004-1287: Buffer overflow in the error function in preproc
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
Red Hat
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
vendor_redhat·2026-02-12·CVSS 8.8
CVE-2026-2004 [HIGH] CWE-1287 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security cri
Red Hat
security flaw
vendor_redhat·2005-03-31·CVSS 10.0
CVE-2005-1194 [CRITICAL] security flaw
Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2005-1194: nasm - Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earl...
vendor_debian·2005·CVSS 10.0
CVE-2005-1194 [CRITICAL] CVE-2005-1194: nasm - Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earl...
Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
Scope: local
bookworm: resolved (fixed in 0.98.38-1.2)
bullseye: resolved (fixed in 0.98.38-1.2)
forky: resolved (fixed in 0.98.38-1.2)
sid: resolved (fixed in 0.98.38-1.2)
trixie: resolved (fixed in 0.98.38-1.2)
Ubuntu
nasm vulnerability
vendor_ubuntu·2004-12-22
CVE-2004-1287 nasm vulnerability
Title: nasm vulnerability
Summary: nasm vulnerability
Jonathan Rockway discovered a locally exploitable buffer overflow in
the error() function of nasm. If an attacker tricked a user into
assembling a malicious source file, they could exploit this to execute
arbitrary code with the privileges of the user that runs nasm.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2004-12-15·CVSS 10.0
CVE-2004-1287 [CRITICAL] security flaw
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2004-1287: nasm - Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows a...
vendor_debian·2004·CVSS 10.0
CVE-2004-1287 [CRITICAL] CVE-2004-1287: nasm - Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows a...
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
Scope: local
bookworm: resolved (fixed in 0.98.38-1.1)
bullseye: resolved (fixed in 0.98.38-1.1)
forky: resolved (fixed in 0.98.38-1.1)
sid: resolved (fixed in 0.98.38-1.1)
trixie: resolved (fixed in 0.98.38-1.1)
No detection rules found.
Bugzilla
CVE-2005-1194 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2005-1194 [CRITICAL] CVE-2005-1194 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
---
Statement:
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Bugzilla
CVE-2004-1287 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2004-1287 [CRITICAL] CVE-2004-1287 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
---
Statement:
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
http://tigger.uic.edu/~jlongs2/holes/nasm.txt
http://www.redhat.com/support/errata/RHSA-2005-381.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18540
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11299
Published: 2005-01-10