Vulnerabilities (CVE)

Filtered by CWE-125
Total 6415 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9658 7 Canonical, Debian, Fedoraproject and 4 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2024-02-28 7.5 HIGH N/A
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
CVE-2014-9669 7 Canonical, Debian, Fedoraproject and 4 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2024-02-28 6.8 MEDIUM N/A
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.
CVE-2014-1522 4 Canonical, Fedoraproject, Mozilla and 1 more 5 Ubuntu Linux, Fedora, Firefox and 2 more 2024-02-28 9.3 HIGH N/A
The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content.
CVE-2014-1497 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2024-02-28 6.8 MEDIUM 8.8 HIGH
The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file.
CVE-2014-8483 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more 2024-02-28 5.0 MEDIUM N/A
The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.
CVE-2012-5130 2 Google, Opensuse 2 Chrome, Opensuse 2024-02-28 5.0 MEDIUM N/A
Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2012-0259 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.
CVE-2013-0888 5 Apple, Google, Linux and 2 more 5 Mac Os X, Chrome, Linux Kernel and 2 more 2024-02-28 5.0 MEDIUM N/A
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads."
CVE-2012-1798 4 Debian, Imagemagick, Opensuse and 1 more 10 Debian Linux, Imagemagick, Opensuse and 7 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.
CVE-2011-3060 2 Apple, Google 4 Iphone Os, Itunes, Safari and 1 more 2024-02-28 6.8 MEDIUM N/A
Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2012-5109 1 Google 1 Chrome 2024-02-28 5.0 MEDIUM N/A
The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression.
CVE-2011-3057 1 Google 1 Chrome 2024-02-28 4.3 MEDIUM N/A
Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation.
CVE-2011-3059 2 Apple, Google 4 Iphone Os, Itunes, Safari and 1 more 2024-02-28 6.8 MEDIUM N/A
Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2012-5110 1 Google 1 Chrome 2024-02-28 5.0 MEDIUM N/A
The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3066 1 Google 1 Chrome 2024-02-28 6.8 MEDIUM N/A
Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3040 3 Apple, Google, Opensuse 5 Iphone Os, Itunes, Safari and 2 more 2024-02-28 4.3 MEDIUM N/A
Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
CVE-2011-3893 1 Google 1 Chrome 2024-02-28 5.0 MEDIUM N/A
Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-2794 1 Google 1 Chrome 2024-02-28 6.8 MEDIUM N/A
Google Chrome before 13.0.782.107 does not properly perform text iteration, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3910 1 Google 1 Chrome 2024-02-28 5.0 MEDIUM N/A
Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3970 3 Google, Suse, Xmlsoft 5 Chrome, Linux Enterprise Desktop, Linux Enterprise Server and 2 more 2024-02-28 4.3 MEDIUM N/A
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.