| CVE ID | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2026-6071 | 7.5 | high |
A remote code execution security issue exists in the affected products when parsing DOE files that could allow a remote attacker to write past the end of an allocated object and execute code within the context of the current process. To exploit this vulnerability, a legitimate user must visit a malicious page or open a malicious file.
|
| CVE-2025-6376 | 7.0 | high |
A remote code execution security issue exists in the affected products that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
|
| CVE-2024-12175 | 7.8 | high |
Another "use after free" code execution vulnerability exists in the affected products that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
|
| CVE-2024-11155 | 7.8 | high |
A "use after free" code execution vulnerability exists in the affected products that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
|
| CVE-2024-11156 | 7.8 | high |
An "out of bounds write" code execution vulnerability exists in the affected products that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
|
| CVE-2024-11364 | 7.8 | high |
Another "uninitialized variable" code execution vulnerability exists in the affected products that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
|
| CVE-2024-11157 | 7.8 | high |
A third-party vulnerability exists in the affected products that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
|
| CVE-2024-12130 | 7.8 | high |
An "out of bounds read" code execution vulnerability exists in the affected products that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
|
| CVE-2025-6377 | 7.0 | high |
A remote code execution security issue exists in the affected products that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
|
| CVE-2024-11158 | 7.8 | high |
An "uninitialized variable" code execution vulnerability exists in the affected products that could allow a threat actor to craft a DOE file and force the software to access a variable before it is initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
|
| CVE-2024-12672 | 7.8 | high |
A third-party vulnerability exists in the affected products that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
|