CVE-2020-18974: Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147. Upstream issue is currently untouched.
CVE-2021-45256 (https://bugzilla.nasm.us/show_bug.cgi?id=3392789): A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c. CVE-2021-45257 (https://bugzilla.nasm.us/show_bug.cgi?id=3392790): An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function. Can't tell if there's been any action taken upstream as their Bugzilla seems to be down.
CVE-2021-33450 (https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d): https://bugzilla.nasm.us/show_bug.cgi?id=3392758 An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c. CVE-2021-33452 (https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d): https://bugzilla.nasm.us/show_bug.cgi?id=3392757 An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.
CVE-2022-41420 (https://bugzilla.nasm.us/show_bug.cgi?id=3392810): nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component
CVE-2022-46456 (https://bugzilla.nasm.us/show_bug.cgi?id=3392814): NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c. CVE-2022-46457 (https://bugzilla.nasm.us/show_bug.cgi?id=3392809): NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c. The first one is untouched by upstream, the second was closed without any comment.