Browse all 4 CVE security advisories affecting Velocidex. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Velocidex develops digital forensics tools primarily for disk imaging and file system analysis. Historically, its products have been susceptible to remote code execution and privilege escalation vulnerabilities, often stemming from improper input validation and insecure memory handling. While no major public security incidents have been widely documented, the four recorded CVEs highlight potential risks in handling malformed forensic images. The software's privileged access to system data and complex parsing operations create attack surfaces that require careful hardening, particularly in environments where untrusted evidence sources may be processed.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12668 | Velocidex WinPmem Out of Bounds Write Vulnerability — WinPmemCWE-787 | 8.2 | High | 2024-12-16 |
| CVE-2024-10972 | WinPmem Improper Input Validation vulnerability — WinPmemCWE-367 | 7.3 | High | 2024-12-16 |
This page lists every published CVE security advisory associated with Velocidex. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.