{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2016-20040", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-28T11:32:42.741Z", "datePublished": "2026-03-28T11:58:02.386Z", "dateUpdated": "2026-04-01T13:56:34.739Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:02.386Z"}, "title": "TiEmu 3.03-nogdb+dfsg-3 Buffer Overflow via ROM Parameter", "descriptions": [{"lang": "en", "value": "TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack buffer and overwrite the instruction pointer with malicious addresses."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "affected": [{"vendor": "ticalc", "product": "Texas Instrument Emulator", "versions": [{"version": "3.03", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.6, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/39692", "name": "ExploitDB-39692", "tags": ["exploit"]}, {"url": "http://lpg.ticalc.org/prj_tiemu/", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: TiEmu 3.03-nogdb+dfsg-3 Buffer Overflow via ROM Parameter", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/tiemu-nogdb-dfsg-3-buffer-overflow-via-rom-parameter"}], "credits": [{"lang": "en", "value": "Juan Sacco - http://www.exploitpack.com -", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2016-04-13T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T13:56:20.560851Z", "id": "CVE-2016-20040", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T13:56:34.739Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-20040", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T13:56:20.560851Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T13:56:28.867Z"}}], "cna": {"title": "TiEmu 3.03-nogdb+dfsg-3 Buffer Overflow via ROM Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Juan Sacco - http://www.exploitpack.com -"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ticalc", "product": "Texas Instrument Emulator", "versions": [{"status": "affected", "version": "3.03"}]}], "datePublic": "2016-04-13T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/39692", "name": "ExploitDB-39692", "tags": ["exploit"]}, {"url": "http://lpg.ticalc.org/prj_tiemu/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/tiemu-nogdb-dfsg-3-buffer-overflow-via-rom-parameter", "name": "VulnCheck Advisory: TiEmu 3.03-nogdb+dfsg-3 Buffer Overflow via ROM Parameter", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack buffer and overwrite the instruction pointer with malicious addresses."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:02.386Z"}}}, "cveMetadata": {"cveId": "CVE-2016-20040", "state": "PUBLISHED", "dateUpdated": "2026-04-01T13:56:34.739Z", "dateReserved": "2026-03-28T11:32:42.741Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-28T11:58:02.386Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack buffer and overwrite the instruction pointer with malicious addresses."}, {"lang": "es", "value": "TiEmu 3.03-nogdb+dfsg-3 contiene una vulnerabilidad de desbordamiento de b\u00fafer en el manejo de par\u00e1metros ROM que permite a atacantes locales bloquear la aplicaci\u00f3n o ejecutar c\u00f3digo arbitrario. Los atacantes pueden suministrar un par\u00e1metro ROM sobredimensionado a la interfaz de l\u00ednea de comandos de tiemu para desbordar el b\u00fafer de pila y sobrescribir el puntero de instrucci\u00f3n con direcciones maliciosas."}], "id": "CVE-2016-20040", "lastModified": "2026-05-01T15:21:32.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-28T12:15:59.670", "references": [{"source": "disclosure@vulncheck.com", "url": "http://lpg.ticalc.org/prj_tiemu/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/39692"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/tiemu-nogdb-dfsg-3-buffer-overflow-via-rom-parameter"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.03"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Texas Instrument Emulator", "source": "cna", "vendor": "ticalc"}, "product": "texas_instrument_emulator", "vendor": "ticalc"}], "analysis": {"en": {"generated_at": "2026-03-28T13:26:48.500789+00:00", "value": {"mitigation_remediation": ["Upgrade TiEmu to the latest patched version available from the official website."], "summary": {"action": "Patch immediately", "impact": "Arbitrary code execution via local buffer overflow"}, "threat_synthesis": {"affected_systems": "The affected product is TiEmu 3.03\u2011nogdb+dfsg\u20113, a Texas Instrument Emulator released by the ticalc community. No other versions are listed, so only this specific build is vulnerable.", "description_and_impact": "The vulnerability is a stack\u2011based buffer overflow in TiEmu\u2019s ROM parameter handling. A local attacker can supply an oversized ROM parameter through the command\u2011line interface, overflowing the stack buffer and overwriting the instruction pointer. This can cause a crash or lead to arbitrary code execution.", "risk_and_exploitability": "The CVSS score of 8.6 indicates high severity, and the vulnerability is not listed in the CISA KEV catalog. EPSS data is unavailable. The exploit is local, requiring access to the command line, but it can result in arbitrary code execution or denial of service, posing a substantial risk if used in shared or untrusted environments."}}}}, "created": "2026-03-29T20:32:30.584559+00:00", "updated": "2026-03-30T06:59:25.130182+00:00", "vendors": ["ticalc", "ticalc$PRODUCT$texas_instrument_emulator"]}