yasm_project CVE Vulnerabilities & Metrics

Focus on yasm_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About yasm_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with yasm_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total yasm_project CVEs: 16
Earliest CVE date: 12 Apr 2023, 13:15 UTC
Latest CVE date: 03 Jan 2024, 00:15 UTC

Latest CVE reference: CVE-2023-49558

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical yasm_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	16
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS yasm_project CVEs

These are the five CVEs with the highest CVSS scores for yasm_project, sorted by severity first and recency.

CVE-2023-49558 yasm_project Published on 03 Jan 2024, 00:15 UTC (CVSS: 0)
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.
CVE-2023-49557 yasm_project Published on 03 Jan 2024, 00:15 UTC (CVSS: 0)
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.
CVE-2023-49556 yasm_project Published on 03 Jan 2024, 00:15 UTC (CVSS: 0)
Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.
CVE-2023-49555 yasm_project Published on 03 Jan 2024, 00:15 UTC (CVSS: 0)
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component.
CVE-2023-49554 yasm_project Published on 03 Jan 2024, 00:15 UTC (CVSS: 0)
Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.

All CVEs for yasm_project

CVE-2023-49558 yasm_project vulnerability CVSS: 0 03 Jan 2024, 00:15 UTC

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.

CVE-2023-49557 yasm_project vulnerability CVSS: 0 03 Jan 2024, 00:15 UTC

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.

CVE-2023-49556 yasm_project vulnerability CVSS: 0 03 Jan 2024, 00:15 UTC

Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.

CVE-2023-49555 yasm_project vulnerability CVSS: 0 03 Jan 2024, 00:15 UTC

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component.

CVE-2023-49554 yasm_project vulnerability CVSS: 0 03 Jan 2024, 00:15 UTC

Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.

CVE-2023-37732 yasm_project vulnerability CVSS: 0 26 Jul 2023, 21:15 UTC

Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file.

CVE-2023-31725 yasm_project vulnerability CVSS: 0 17 May 2023, 15:15 UTC

yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c.

CVE-2023-31724 yasm_project vulnerability CVSS: 0 17 May 2023, 15:15 UTC

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c.

CVE-2023-31723 yasm_project vulnerability CVSS: 0 17 May 2023, 15:15 UTC

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c.

CVE-2023-31975 yasm_project vulnerability CVSS: 0 09 May 2023, 13:15 UTC

yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.

CVE-2023-30402 yasm_project vulnerability CVSS: 0 25 Apr 2023, 16:15 UTC

YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.

CVE-2023-29583 yasm_project vulnerability CVSS: 0 24 Apr 2023, 13:15 UTC

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.

CVE-2023-29582 yasm_project vulnerability CVSS: 0 24 Apr 2023, 13:15 UTC

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.

CVE-2023-29579 yasm_project vulnerability CVSS: 0 24 Apr 2023, 13:15 UTC

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.

CVE-2023-29581 yasm_project vulnerability CVSS: 0 12 Apr 2023, 16:15 UTC

yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to be input validation before data reaches libyasm, or a sandbox in which the application runs.

CVE-2023-29580 yasm_project vulnerability CVSS: 0 12 Apr 2023, 13:15 UTC

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c.