{"id":"CVE-2019-7700","details":"A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge.","modified":"2026-04-11T17:54:15.234975Z","published":"2019-02-10T22:29:00.450Z","references":[{"type":"FIX","url":"https://github.com/WebAssembly/binaryen/issues/1864"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/webassembly/binaryen","events":[{"introduced":"0"},{"fixed":"777d33d40ff030f1711c40bf3cd5bc4bc36af313"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"64"}]}}],"versions":["1.36.10","1.36.11","1.36.12","1.36.13","1.36.14","1.36.2","1.36.3","1.36.4","1.36.5","1.36.6","1.36.7","1.36.8","1.36.9","1.37.0","1.37.1","1.37.10","1.37.11","1.37.12","1.37.13","1.37.14","1.37.15","1.37.16","1.37.17","1.37.18","1.37.19","1.37.2","1.37.20","1.37.21","1.37.22","1.37.23","1.37.24","1.37.25","1.37.26","1.37.27","1.37.28","1.37.29","1.37.3","1.37.30","1.37.31","1.37.32","1.37.33","1.37.34","1.37.35","1.37.36","1.37.37","1.37.39","1.37.4","1.37.40","1.37.5","1.37.6","1.37.7","1.37.8","1.37.9","1.38.0","1.38.1","1.38.10","1.38.11","1.38.12","1.38.13","1.38.14","1.38.15","1.38.16","1.38.17","1.38.18","1.38.19","1.38.2","1.38.20","1.38.21","1.38.22","1.38.23","1.38.3","1.38.4","1.38.5","1.38.6","1.38.7","1.38.8","1.38.9","binary_0xb","version_1","version_10","version_11","version_12","version_13","version_14","version_15","version_16","version_17","version_18","version_19","version_2","version_20","version_21","version_22","version_23","version_24","version_25","version_26","version_27","version_28","version_29","version_3","version_30","version_31","version_32","version_33","version_34","version_35","version_36","version_37","version_38","version_39","version_4","version_40","version_41","version_42","version_43","version_44","version_45","version_46","version_47","version_48","version_49","version_5","version_50","version_51","version_52","version_53","version_54","version_55","version_56","version_57","version_58","version_59","version_6","version_60","version_61","version_62","version_63","version_7","version_8","version_9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7700.json","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2019-7700-4f2294f7","digest":{"function_hash":"143737180360553465436118507774498010635","length":21129},"target":{"file":"src/asm2wasm.h","function":"Asm2WasmBuilder::processAsm"},"source":"https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313"},{"signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2019-7700-55914de7","digest":{"threshold":0.9,"line_hashes":["197834386609990190660658376494400634047","230751627369602897535367828388051389677","336859316406527781017065435234404248053","41276762427330585015445567180683194467"]},"target":{"file":"src/wasm-emscripten.h"},"source":"https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313"},{"signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2019-7700-7bcdf074","digest":{"threshold":0.9,"line_hashes":["67763751847475704613137488435997492917","11092678074950976786541223300914299782","83014327735221591191479881775992125775","32795490460723772134172091328908985275","150081489502840546503510411609202865508","186502562418831327916913906281059240037","81062518221878434523040895973597062096","255791717607742475400212674930341013721","279059291008106175449343664540853882718","119516556563219962869888727107305829281","273268632913118307560910743007064707345","206270979931966135522688490632349305102","205007461897933857657602724876834633565","129589606498150712070120989213094759998","192680331533594347188278206392354265110","202703705032309117778443815604253559795","27147988621632559671180398895940792122","237128518898913234383340250069850836436","30862407209301333969246506920178724397","23561735558910007848793400252220641720","8809195615572420798691655763271322252","205153151581145418897379838572825814524","254667827196645618469755417729989716259","85227045920208427987069202340945838114"]},"target":{"file":"src/tools/wasm-emscripten-finalize.cpp"},"source":"https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313"},{"signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2019-7700-ab34f2ab","digest":{"function_hash":"122687133488173724193644540400869789453","length":5464},"target":{"file":"src/tools/wasm-emscripten-finalize.cpp","function":"main"},"source":"https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313"},{"signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2019-7700-b308183b","digest":{"threshold":0.9,"line_hashes":["311603147456977400152429201973903889504","267254175071185226879431060299918005990","189614778024756723211343449732418475698","16919839466976018149161181660787991618","186424230218048978421671979781596487795","284363801826454717926384585556320189329","113500351515846633073416403242055535705","168914480211122056088036509523057995414","35580501077459053214680905063622064199","167467896953935516288542812179644102333","146423767868341463157147956075368395472","299488347443531629906127720449003520723"]},"target":{"file":"src/wasm/wasm-emscripten.cpp"},"source":"https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313"},{"signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2019-7700-c736ddf5","digest":{"threshold":0.9,"line_hashes":["93311049439594093655913658023033474700","29165148232231256482909389094154516982","267255509956472768128922367426232857231","313400781351748657887649211950082601060","9879456224345171386945151762644809925","72436541964025692405781322418071947728","160644238717616448485963672048490716178","131420967666337165016804812834186228928","31806524227782282141341988971711701624","114848884344023823327877959484529743021","16532795352022162883742029384269484770","219824183060125624607695481158430492146","18644794995939299628455904051998062848","295919784213093232839483042343648558836","105147925275387406829980559424256433409"]},"target":{"file":"src/asm2wasm.h"},"source":"https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313"},{"signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2019-7700-f0f2d28b","digest":{"function_hash":"321581028299307693081369001656568394191","length":380},"target":{"file":"src/wasm/wasm-emscripten.cpp","function":"EmscriptenGlueGenerator::generateStackInitialization"},"source":"https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313"}],"vanir_signatures_modified":"2026-04-11T17:54:15Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}