Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-125
Total 4813 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12937 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2019-10-02 6.8 MEDIUM 8.8 HIGH
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.
CVE-2017-8268 1 Google 1 Android 2019-10-02 9.3 HIGH 7.8 HIGH
In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read.
CVE-2017-8256 1 Google 1 Android 2019-10-02 6.8 MEDIUM 7.8 HIGH
In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses.
CVE-2017-8240 1 Google 1 Android 2019-10-02 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability.
CVE-2017-8234 1 Google 1 Android 2019-10-02 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function.
CVE-2017-12933 1 Php 1 Php 2019-10-02 7.5 HIGH 9.8 CRITICAL
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
CVE-2017-13010 1 Tcpdump 1 Tcpdump 2019-10-02 7.5 HIGH 9.8 CRITICAL
The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().
CVE-2017-13008 1 Tcpdump 1 Tcpdump 2019-10-02 7.5 HIGH 9.8 CRITICAL
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
CVE-2017-13009 1 Tcpdump 1 Tcpdump 2019-10-02 7.5 HIGH 9.8 CRITICAL
The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print().
CVE-2017-7960 1 Gnome 1 Libcroco 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.
CVE-2017-7939 1 Entropymine 1 Imageworsener 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file.
CVE-2017-7854 1 Radare 1 Radare2 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
CVE-2017-12901 1 Tcpdump 1 Tcpdump 2019-10-02 7.5 HIGH 9.8 CRITICAL
The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().
CVE-2017-7813 1 Mozilla 1 Firefox 2019-10-02 6.4 MEDIUM 8.2 HIGH
Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56.
CVE-2017-12900 1 Tcpdump 1 Tcpdump 2019-10-02 7.5 HIGH 9.8 CRITICAL
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf().
CVE-2017-12898 1 Tcpdump 1 Tcpdump 2019-10-02 7.5 HIGH 9.8 CRITICAL
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().
CVE-2017-7716 1 Radare 1 Radare2 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
CVE-2017-12894 1 Tcpdump 1 Tcpdump 2019-10-02 7.5 HIGH 9.8 CRITICAL
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().
CVE-2017-7623 1 Entropymine 1 Imageworsener 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
CVE-2017-12897 1 Tcpdump 1 Tcpdump 2019-10-02 7.5 HIGH 9.8 CRITICAL
The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().