Total
6585 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14245 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | |||||
CVE-2017-14227 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c. | |||||
CVE-2017-14226 | 2 Libreoffice, Libwpd | 2 Libreoffice, Libwpd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. | |||||
CVE-2017-14166 | 3 Canonical, Debian, Libarchive | 3 Ubuntu Linux, Debian Linux, Libarchive | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. | |||||
CVE-2017-14132 | 2 Debian, Jasper Project | 2 Debian Linux, Jasper | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c. | |||||
CVE-2017-14130 | 1 Gnu | 1 Binutils | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file. | |||||
CVE-2017-14129 | 1 Gnu | 1 Binutils | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file. | |||||
CVE-2017-14128 | 1 Gnu | 1 Binutils | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file. | |||||
CVE-2017-14122 | 2 Debian, Rarlab | 2 Debian Linux, Unrar | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp. | |||||
CVE-2017-14034 | 1 Libbpg Project | 1 Libbpg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact. | |||||
CVE-2017-13878 | 1 Apple | 1 Mac Os X | 2024-11-21 | 5.6 MEDIUM | 7.1 HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash). | |||||
CVE-2017-13875 | 1 Apple | 1 Mac Os X | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app. | |||||
CVE-2017-13817 | 1 Apple | 1 Mac Os X | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions. | |||||
CVE-2017-13769 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. | |||||
CVE-2017-13765 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. | |||||
CVE-2017-13757 | 1 Gnu | 1 Binutils | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c. | |||||
CVE-2017-13755 | 2 Debian, Sleuthkit | 2 Debian Linux, The Sleuth Kit | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls. | |||||
CVE-2017-13744 | 1 Liblouis | 1 Liblouis | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0. | |||||
CVE-2017-13738 | 1 Liblouis | 1 Liblouis | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0. | |||||
CVE-2017-13725 | 2 Debian, Tcpdump | 2 Debian Linux, Tcpdump | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). |