Total
4813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5718 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-01-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check. | |||||
| CVE-2019-19817 | 1 Gonitro | 1 Nitro Free Pdf Reader | 2020-01-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x2e8a Out-of-Bounds Read via crafted Unicode content. | |||||
| CVE-2018-13305 | 1 Ffmpeg | 1 Ffmpeg | 2020-01-13 | 5.8 MEDIUM | 8.1 HIGH |
| In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. | |||||
| CVE-2017-11577 | 1 Fontforge | 1 Fontforge | 2020-01-13 | 6.8 MEDIUM | 7.8 HIGH |
| FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf file. | |||||
| CVE-2017-11575 | 1 Fontforge | 1 Fontforge | 2020-01-13 | 6.8 MEDIUM | 7.8 HIGH |
| FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c. | |||||
| CVE-2017-11573 | 1 Fontforge | 1 Fontforge | 2020-01-13 | 6.8 MEDIUM | 7.8 HIGH |
| FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file. | |||||
| CVE-2017-11572 | 1 Fontforge | 1 Fontforge | 2020-01-13 | 6.8 MEDIUM | 7.8 HIGH |
| FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file. | |||||
| CVE-2017-11570 | 1 Fontforge | 1 Fontforge | 2020-01-13 | 6.8 MEDIUM | 7.8 HIGH |
| FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted otf file. | |||||
| CVE-2017-11568 | 1 Fontforge | 1 Fontforge | 2020-01-13 | 6.8 MEDIUM | 7.8 HIGH |
| FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code execution via a crafted otf file. | |||||
| CVE-2020-6622 | 1 Nothings | 1 Stb Truetype.h | 2020-01-09 | 6.8 MEDIUM | 8.8 HIGH |
| stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8. | |||||
| CVE-2020-6621 | 1 Nothings | 1 Stb Truetype.h | 2020-01-09 | 6.8 MEDIUM | 8.8 HIGH |
| stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT. | |||||
| CVE-2020-6620 | 1 Nothings | 1 Stb Truetype.h | 2020-01-09 | 6.8 MEDIUM | 8.8 HIGH |
| stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8. | |||||
| CVE-2020-6618 | 1 Nothings | 1 Stb Truetype.h | 2020-01-09 | 6.8 MEDIUM | 8.8 HIGH |
| stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table. | |||||
| CVE-2019-20005 | 1 Ezxml Project | 1 Ezxml | 2020-01-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished). | |||||
| CVE-2017-16353 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2020-01-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked. | |||||
| CVE-2017-14314 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2020-01-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file. | |||||
| CVE-2019-2204 | 1 Google | 1 Android | 2020-01-08 | 10.0 HIGH | 9.8 CRITICAL |
| In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-138442295 | |||||
| CVE-2019-20087 | 1 Gopro | 1 Gpmf-parser | 2020-01-08 | 6.8 MEDIUM | 8.8 HIGH |
| GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags" feature. | |||||
| CVE-2019-20086 | 1 Gopro | 1 Gpmf-parser | 2020-01-08 | 6.8 MEDIUM | 8.8 HIGH |
| GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c. | |||||
| CVE-2019-20219 | 1 Miniupnp Project | 1 Ngiflib | 2020-01-08 | 6.8 MEDIUM | 8.8 HIGH |
| ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c. | |||||