Vulnerabilities (CVE)

Filtered by CWE-125
Total 6585 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-14245 2 Debian, Libsndfile Project 2 Debian Linux, Libsndfile 2024-11-21 5.8 MEDIUM 8.1 HIGH
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
CVE-2017-14227 1 Mongodb 1 Mongodb 2024-11-21 5.0 MEDIUM 7.5 HIGH
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c.
CVE-2017-14226 2 Libreoffice, Libwpd 2 Libreoffice, Libwpd 2024-11-21 5.0 MEDIUM 7.5 HIGH
WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application.
CVE-2017-14166 3 Canonical, Debian, Libarchive 3 Ubuntu Linux, Debian Linux, Libarchive 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.
CVE-2017-14132 2 Debian, Jasper Project 2 Debian Linux, Jasper 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.
CVE-2017-14130 1 Gnu 1 Binutils 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.
CVE-2017-14129 1 Gnu 1 Binutils 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.
CVE-2017-14128 1 Gnu 1 Binutils 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.
CVE-2017-14122 2 Debian, Rarlab 2 Debian Linux, Unrar 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
CVE-2017-14034 1 Libbpg Project 1 Libbpg 2024-11-21 6.8 MEDIUM 8.8 HIGH
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact.
CVE-2017-13878 1 Apple 1 Mac Os X 2024-11-21 5.6 MEDIUM 7.1 HIGH
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash).
CVE-2017-13875 1 Apple 1 Mac Os X 2024-11-21 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
CVE-2017-13817 1 Apple 1 Mac Os X 2024-11-21 2.1 LOW 5.5 MEDIUM
An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions.
CVE-2017-13769 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.
CVE-2017-13765 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
CVE-2017-13757 1 Gnu 1 Binutils 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.
CVE-2017-13755 2 Debian, Sleuthkit 2 Debian Linux, The Sleuth Kit 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls.
CVE-2017-13744 1 Liblouis 1 Liblouis 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0.
CVE-2017-13738 1 Liblouis 1 Liblouis 2024-11-21 6.8 MEDIUM 8.8 HIGH
There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0.
CVE-2017-13725 2 Debian, Tcpdump 2 Debian Linux, Tcpdump 2024-11-21 7.5 HIGH 9.8 CRITICAL
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().