Nasm: Security Vulnerabilities
A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-10
NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or unexpected behavior.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-04-10
NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-04-10
A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-08-11
A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-08-11
A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-08-11
A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-08-11
A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-08-11
Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).
CVSS Score
5.5
EPSS Score
0.0
Published
2023-08-22
Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-08-22
Page 1