Total
6260 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7208 | 1 Libav | 1 Libav | 2024-02-28 | 5.8 MEDIUM | 7.1 HIGH |
The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. | |||||
CVE-2016-10195 | 2 Debian, Libevent Project | 2 Debian Linux, Libevent | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. | |||||
CVE-2016-7502 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode. | |||||
CVE-2017-7607 | 1 Elfutils Project | 1 Elfutils | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||||
CVE-2016-9809 | 1 Gstreamer | 1 Gstreamer | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. | |||||
CVE-2016-8680 | 1 Libdwarf Project | 1 Libdwarf | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. | |||||
CVE-2016-3178 | 1 Miniupnp Project | 1 Minissdpd | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value. | |||||
CVE-2017-7718 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions. | |||||
CVE-2016-10198 | 1 Gstreamer Project | 1 Gstreamer | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. | |||||
CVE-2017-5209 | 1 Libimobiledevice | 1 Libplist | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data. | |||||
CVE-2016-5316 | 3 Libtiff, Opensuse, Opensuse Project | 3 Libtiff, Opensuse, Leap | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool. | |||||
CVE-2017-7454 | 1 Entropymine | 1 Imageworsener | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | |||||
CVE-2017-6969 | 1 Gnu | 1 Binutils | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well. | |||||
CVE-2016-10161 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. | |||||
CVE-2017-2450 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-28 | 5.8 MEDIUM | 7.1 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. | |||||
CVE-2016-9297 | 1 Libtiff | 1 Libtiff | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. | |||||
CVE-2017-3051 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of JPEG files. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2015-8763 | 1 Freeradius | 1 Freeradius | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. | |||||
CVE-2016-9276 | 1 Libdwarf Project | 1 Libdwarf | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). | |||||
CVE-2016-9642 | 1 Webkit | 1 Webkit | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file. |