hex-rays CVE Vulnerabilities & Metrics

Focus on hex-rays vulnerabilities and metrics.

Last updated: 16 Apr 2025, 22:25 UTC

About hex-rays Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with hex-rays. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total hex-rays CVEs: 3
Earliest CVE date: 21 Feb 2011, 19:00 UTC
Latest CVE date: 19 Aug 2024, 04:15 UTC

Latest CVE reference: CVE-2024-44083

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical hex-rays CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 7.27

Max CVSS: 10.0

Critical CVEs (≥9): 5

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	3
7.0-8.9	0
9.0-10.0	5

CVSS Distribution Chart

Top 5 Highest CVSS hex-rays CVEs

These are the five CVEs with the highest CVSS scores for hex-rays, sorted by severity first and recency.

CVE-2014-9458 hex-rays Published on 02 Jan 2015, 20:59 UTC (CVSS: 10.0)
Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors.
CVE-2011-1054 hex-rays Published on 21 Feb 2011, 19:00 UTC (CVSS: 10.0)
Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors.
CVE-2011-1052 hex-rays Published on 21 Feb 2011, 19:00 UTC (CVSS: 10.0)
Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.
CVE-2011-1051 hex-rays Published on 21 Feb 2011, 19:00 UTC (CVSS: 10.0)
Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.
CVE-2011-1050 hex-rays Published on 21 Feb 2011, 19:00 UTC (CVSS: 10.0)
Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to "converson of string encodings" and "inconsistencies in the handling of UTF8 sequences by the user interface."

All CVEs for hex-rays

CVE-2024-44083 hex-rays vulnerability CVSS: 0 19 Aug 2024, 04:15 UTC

ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue.

CVE-2022-32441 hex-rays vulnerability CVSS: 4.3 07 Jul 2022, 14:15 UTC

A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause a Denial of Service (DoS) via a crafted file. Related to Data from Faulting Address controls subsequent Write Address starting at msvcrt!memcpy+0x0000000000000056.

CVE-2014-9458 hex-rays vulnerability CVSS: 10.0 02 Jan 2015, 20:59 UTC

Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors.

CVE-2011-1054 hex-rays vulnerability CVSS: 10.0 21 Feb 2011, 19:00 UTC

Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors.

CVE-2011-1053 hex-rays vulnerability CVSS: 4.3 21 Feb 2011, 19:00 UTC

Unspecified vulnerability in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (out-of-memory exception and inability to analyze code) via a crafted Mach-O file.

CVE-2011-1052 hex-rays vulnerability CVSS: 10.0 21 Feb 2011, 19:00 UTC

Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.

CVE-2011-1051 hex-rays vulnerability CVSS: 10.0 21 Feb 2011, 19:00 UTC

Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.

CVE-2011-1050 hex-rays vulnerability CVSS: 10.0 21 Feb 2011, 19:00 UTC

Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to "converson of string encodings" and "inconsistencies in the handling of UTF8 sequences by the user interface."

CVE-2011-1049 hex-rays vulnerability CVSS: 6.8 21 Feb 2011, 19:00 UTC

Buffer overflow in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Macho-O file.