Total
6024 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-6802 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef. | |||||
CVE-2016-8678 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64." | |||||
CVE-2017-5978 | 1 Zziplib Project | 1 Zziplib | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file. | |||||
CVE-2017-7226 | 1 Gnu | 1 Binutils | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well. | |||||
CVE-2017-7300 | 1 Gnu | 1 Binutils | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash. | |||||
CVE-2016-10169 | 1 Wavpack Project | 1 Wavpack | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. | |||||
CVE-2017-6840 | 1 Podofo Project | 1 Podofo | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file. | |||||
CVE-2016-9036 | 1 Tarantool | 1 Msgpuck | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer, resulting in a denial of service vulnerability. | |||||
CVE-2017-5897 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. | |||||
CVE-2017-5335 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. | |||||
CVE-2017-8363 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | |||||
CVE-2016-7449 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. | |||||
CVE-2016-10171 | 1 Wavpack Project | 1 Wavpack | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. | |||||
CVE-2016-10070 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. | |||||
CVE-2017-5834 | 1 Libimobiledevice | 1 Libplist | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file. | |||||
CVE-2017-9189 | 1 Autotrace Project | 1 Autotrace | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and application crash), related to the GET_COLOR function in color.c:16:11. | |||||
CVE-2017-6304 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read." | |||||
CVE-2017-2806 | 1 Lexmark | 1 Perceptive Document Filters | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400 | |||||
CVE-2016-2372 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2024-02-28 | 4.9 MEDIUM | 5.9 MEDIUM |
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user. | |||||
CVE-2016-5322 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. |