Total
6561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3658 | 1 Libtiff | 1 Libtiff | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. | |||||
| CVE-2016-3634 | 1 Libtiff | 1 Libtiff | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching. | |||||
| CVE-2016-3633 | 1 Libtiff | 1 Libtiff | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable. | |||||
| CVE-2016-3631 | 1 Libtiff | 1 Libtiff | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable. | |||||
| CVE-2016-3625 | 1 Libtiff | 1 Libtiff | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. | |||||
| CVE-2016-3621 | 1 Libtiff | 1 Libtiff | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. | |||||
| CVE-2016-3620 | 1 Libtiff | 1 Libtiff | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. | |||||
| CVE-2016-3619 | 1 Libtiff | 1 Libtiff | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. | |||||
| CVE-2016-3183 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file. | |||||
| CVE-2016-3178 | 1 Miniupnp Project | 1 Minissdpd | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value. | |||||
| CVE-2016-2827 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values. | |||||
| CVE-2016-2518 | 7 Debian, Freebsd, Netapp and 4 more | 18 Debian Linux, Freebsd, Clustered Data Ontap and 15 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | |||||
| CVE-2016-2380 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2024-11-21 | 4.3 MEDIUM | 3.1 LOW |
| An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read. | |||||
| CVE-2016-2375 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure. | |||||
| CVE-2016-2374 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution. | |||||
| CVE-2016-2373 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability. | |||||
| CVE-2016-2372 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2024-11-21 | 4.9 MEDIUM | 5.9 MEDIUM |
| An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user. | |||||
| CVE-2016-2370 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability. | |||||
| CVE-2016-2367 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2024-11-21 | 3.5 LOW | 5.9 MEDIUM |
| An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user. | |||||
| CVE-2016-2366 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash. | |||||