Total
6260 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7300 | 1 Gnu | 1 Binutils | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash. | |||||
CVE-2016-10169 | 1 Wavpack Project | 1 Wavpack | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. | |||||
CVE-2017-6840 | 1 Podofo Project | 1 Podofo | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file. | |||||
CVE-2016-9036 | 1 Tarantool | 1 Msgpuck | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer, resulting in a denial of service vulnerability. | |||||
CVE-2017-5897 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. | |||||
CVE-2017-5335 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. | |||||
CVE-2017-8363 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | |||||
CVE-2016-7449 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. | |||||
CVE-2016-10171 | 1 Wavpack Project | 1 Wavpack | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. | |||||
CVE-2016-10070 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. | |||||
CVE-2017-5834 | 1 Libimobiledevice | 1 Libplist | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file. | |||||
CVE-2017-9189 | 1 Autotrace Project | 1 Autotrace | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and application crash), related to the GET_COLOR function in color.c:16:11. | |||||
CVE-2017-6304 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read." | |||||
CVE-2017-2806 | 1 Lexmark | 1 Perceptive Document Filters | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400 | |||||
CVE-2016-2372 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2024-02-28 | 4.9 MEDIUM | 5.9 MEDIUM |
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user. | |||||
CVE-2016-5322 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. | |||||
CVE-2017-8294 | 1 Virustotal | 1 Yara | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function. | |||||
CVE-2017-3060 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2017-8362 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. | |||||
CVE-2017-5556 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. |