Vulnerabilities (CVE)

Filtered by CWE-125
Total 5717 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8783 2 Debian, Libtiff 2 Debian Linux, Libtiff 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.
CVE-2016-6261 3 Canonical, Gnu, Opensuse 3 Ubuntu Linux, Libidn, Leap 2024-02-28 5.0 MEDIUM 7.5 HIGH
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
CVE-2016-5107 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2024-02-28 1.9 LOW 6.0 MEDIUM
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.
CVE-2016-3625 1 Libtiff 1 Libtiff 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
CVE-2015-8629 5 Debian, Mit, Opensuse and 2 more 12 Debian Linux, Kerberos 5, Leap and 9 more 2024-02-28 2.1 LOW 5.3 MEDIUM
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
CVE-2016-3633 1 Libtiff 1 Libtiff 2024-02-28 5.0 MEDIUM 7.5 HIGH
The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable.
CVE-2016-9017 1 Artifex 1 Mujs 2024-02-28 5.0 MEDIUM 7.5 HIGH
Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the "opname in crafted JavaScript file" approach, related to an "Out-of-Bounds read" issue affecting the jsC_dumpfunction function in the jsdump.c component.
CVE-2016-2180 2 Openssl, Oracle 2 Openssl, Linux 2024-02-28 5.0 MEDIUM 7.5 HIGH
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.
CVE-2015-8925 3 Canonical, Libarchive, Suse 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.
CVE-2016-1838 6 Apple, Canonical, Debian and 3 more 14 Iphone Os, Mac Os X, Tvos and 11 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2015-8948 3 Canonical, Gnu, Opensuse 4 Ubuntu Linux, Libidn, Leap and 1 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
CVE-2016-3620 1 Libtiff 1 Libtiff 2024-02-28 5.0 MEDIUM 7.5 HIGH
The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
CVE-2016-2064 1 Linux 1 Linux Kernel 2024-02-28 6.9 MEDIUM 7.8 HIGH
sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted application that makes an ioctl call specifying many commands.
CVE-2016-1839 6 Apple, Canonical, Debian and 3 more 14 Iphone Os, Mac Os X, Tvos and 11 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-3658 1 Libtiff 1 Libtiff 2024-02-28 5.0 MEDIUM 7.5 HIGH
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable.
CVE-2016-6214 3 Debian, Libgd, Opensuse 3 Debian Linux, Libgd, Leap 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2015-8397 1 Grassroots Dicom Project 1 Grassroots Dicom 2024-02-28 6.4 MEDIUM 8.2 HIGH
The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image file, which triggers an out-of-bounds read.
CVE-2016-4628 1 Apple 2 Iphone Os, Watchos 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2016-4652 1 Apple 1 Mac Os X 2024-02-28 3.3 LOW 6.3 MEDIUM
CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors.
CVE-2015-8928 3 Canonical, Libarchive, Suse 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.