Nasm Netwide Assembler — known CVE vulnerabilities
Every CVE whose affected-product data names Nasm Netwide Assembler, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (75)
CVE-2004-1287 — CVSS 10.0 (critical): Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file…
CVE-2020-24978 — CVSS 9.8 (critical): In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900f…
CVE-2026-6068 — CVSS 9.6 (critical): NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in…
CVE-2008-7177 — CVSS 9.3 (critical): Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different…
CVE-2018-19215 — CVSS 7.8 (high): Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the %…
CVE-2018-8882 — CVSS 7.8 (high): Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.
CVE-2018-8883 — CVSS 7.8 (high): Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to…
CVE-2017-11111 — CVSS 7.8 (high): In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and…
CVE-2019-8343 — CVSS 7.8 (high): In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.
CVE-2017-10686 — CVSS 7.8 (high): In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated…
CVE-2018-10254 — CVSS 7.8 (high): Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could…
CVE-2018-19214 — CVSS 7.8 (high): Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.
CVE-2026-6069 — CVSS 7.5 (high): NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered…
CVE-2017-17818 — CVSS 7.5 (high): In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a…
CVE-2018-8881 — CVSS 7.3 (high): Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated…
CVE-2019-20352 — CVSS 7.1 (high): In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from…
CVE-2008-2719 — CVSS 6.8 (medium): Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial…
CVE-2022-46456 — CVSS 6.1 (medium): NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
CVE-2018-19755 — CVSS 5.5 (medium): There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of…
CVE-2018-20535 — CVSS 5.5 (medium): There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service…
CVE-2018-20538 — CVSS 5.5 (medium): There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service…
CVE-2019-14248 — CVSS 5.5 (medium): In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and…
CVE-2019-20334 — CVSS 5.5 (medium): In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships…
CVE-2019-6290 — CVSS 5.5 (medium): An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem…
CVE-2019-6291 — CVSS 5.5 (medium): An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem…
CVE-2019-7147 — CVSS 5.5 (medium): A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause…
CVE-2020-18780 — CVSS 5.5 (medium): A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via…
CVE-2020-21528 — CVSS 5.5 (medium): A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a…
CVE-2020-21685 — CVSS 5.5 (medium): Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via…
CVE-2020-21686 — CVSS 5.5 (medium): A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to…
CVE-2020-21687 — CVSS 5.5 (medium): Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via…
CVE-2022-29654 — CVSS 5.5 (medium): Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via…
CVE-2022-46457 — CVSS 5.5 (medium): NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.
CVE-2023-38665 — CVSS 5.5 (medium): Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).
CVE-2023-38668 — CVSS 5.5 (medium): Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).
CVE-2023-38667 — CVSS 5.5 (medium): Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.
CVE-2017-14228 — CVSS 5.5 (medium): In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer…
CVE-2017-17810 — CVSS 5.5 (medium): In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because…
CVE-2017-17811 — CVSS 5.5 (medium): In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a…
CVE-2017-17812 — CVSS 5.5 (medium): In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a…
CVE-2017-17813 — CVSS 5.5 (medium): In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote…
CVE-2017-17814 — CVSS 5.5 (medium): In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service…
CVE-2017-17815 — CVSS 5.5 (medium): In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of…
CVE-2017-17816 — CVSS 5.5 (medium): In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service…
CVE-2017-17817 — CVSS 5.5 (medium): In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service…
CVE-2017-17819 — CVSS 5.5 (medium): In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote…
CVE-2017-17820 — CVSS 5.5 (medium): In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of…
CVE-2018-1000667 — CVSS 5.5 (medium): NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file…
CVE-2018-1000886 — CVSS 5.5 (medium): nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by…
CVE-2018-10016 — CVSS 5.5 (medium): Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.
CVE-2018-10316 — CVSS 5.5 (medium): Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer…
CVE-2018-16517 — CVSS 5.5 (medium): asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a…
CVE-2018-16999 — CVSS 5.5 (medium): Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to…
CVE-2018-19209 — CVSS 5.5 (medium): Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.
CVE-2018-19213 — CVSS 5.5 (medium): Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.
CVE-2026-6067 — CVSS 5.5 (medium): A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive()…
CVE-2025-8845 — CVSS 5.3 (medium): A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The…
CVE-2025-8846 — CVSS 5.3 (medium): A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation…
CVE-2025-8842 — CVSS 5.3 (medium): A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c…
CVE-2025-8843 — CVSS 5.3 (medium): A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The…
CVE-2025-8844 — CVSS 3.3 (low): A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file…
CVE-2020-18974 — CVSS 3.3 (low): Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component…