Total
6260 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5032 | 1 Libdwarf Project | 1 Libdwarf | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
CVE-2014-9837 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file. | |||||
CVE-2017-5838 | 1 Gstreamer Project | 1 Gstreamer | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. | |||||
CVE-2016-5309 | 2 Broadcom, Symantec | 15 Symantec Data Center Security Server, Advanced Threat Protection, Csapi and 12 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression. | |||||
CVE-2017-8401 | 1 Swftools | 1 Swftools | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS. | |||||
CVE-2017-9038 | 1 Gnu | 1 Binutils | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets. | |||||
CVE-2016-7101 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. | |||||
CVE-2016-7914 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite. | |||||
CVE-2017-2786 | 1 Pharos | 1 Popup | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to an out of bounds read causing a crash and a denial of service. | |||||
CVE-2017-9050 | 1 Xmlsoft | 1 Libxml2 | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. | |||||
CVE-2016-7450 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file. | |||||
CVE-2016-10029 | 1 Qemu | 1 Qemu | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts. | |||||
CVE-2016-7510 | 1 Libdwarf Project | 1 Libdwarf | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input. | |||||
CVE-2016-5040 | 1 Libdwarf Project | 1 Libdwarf | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header. | |||||
CVE-2017-8365 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. | |||||
CVE-2017-2409 | 1 Apple | 1 Mac Os X | 2024-02-28 | 5.8 MEDIUM | 7.1 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Menus" component. It allows attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted app. | |||||
CVE-2017-5545 | 1 Libimobiledevice | 1 Libplist | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. | |||||
CVE-2016-9812 | 1 Gstreamer | 1 Gstreamer | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. | |||||
CVE-2016-5825 | 1 Libical Project | 1 Libical | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file. | |||||
CVE-2017-8454 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. |