Nasm: >> Netwide Assembler >> 3.02 Security Vulnerabilities
A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-10
NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or unexpected behavior.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-04-10
NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-04-10