Total
4813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11541 | 1 Tcpdump | 1 Tcpdump | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. | |||||
| CVE-2017-11540 | 1 Imagemagick | 1 Imagemagick | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c. | |||||
| CVE-2017-11535 | 1 Imagemagick | 1 Imagemagick | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c. | |||||
| CVE-2017-18294 | 1 Qualcomm | 48 Fsm9055, Fsm9055 Firmware, Mdm9206 and 45 more | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
| While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. | |||||
| CVE-2017-11533 | 1 Imagemagick | 1 Imagemagick | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. | |||||
| CVE-2017-18246 | 1 Libav | 1 Libav | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted media file. | |||||
| CVE-2017-11423 | 2 Clamav, Libmspack Project | 2 Clamav, Libmspack | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. | |||||
| CVE-2017-18212 | 1 Jerryscript | 1 Jerryscript | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[\x0"); payload. | |||||
| CVE-2017-18130 | 1 Qualcomm | 44 Mdm9206, Mdm9206 Firmware, Mdm9607 and 41 more | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, while playing an ASF file, a buffer over-read can potentially occur. | |||||
| CVE-2017-11341 | 1 Libsass | 1 Libsass | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2017-18069 | 1 Google | 1 Android | 2019-10-02 | 7.8 HIGH | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper message length calculation in oem_cmd_handler() while processing a WLAN_NL_MSG_OEM netlink message leads to buffer overread. | |||||
| CVE-2017-11336 | 1 Exiv2 | 1 Exiv2 | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | |||||
| CVE-2017-18009 | 1 Opencv | 1 Opencv | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp. | |||||
| CVE-2017-11126 | 1 Mpg123 | 1 Mpg123 | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870. | |||||
| CVE-2017-11117 | 1 Openexif Project | 1 Openexif | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ExifImageFile::readDHT function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted jpg file. | |||||
| CVE-2017-17942 | 1 Libtiff | 1 Libtiff | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. | |||||
| CVE-2017-17935 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. | |||||
| CVE-2017-11116 | 1 Openexif Project | 1 Openexif | 2019-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| The ExifImageFile::readDQT function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted jpg file. | |||||
| CVE-2018-18581 | 1 Lupng Project | 1 Lupng | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer over-read in internalPrintf in miniz/lupng.c. | |||||
| CVE-2017-17880 | 1 Imagemagick | 1 Imagemagick | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. | |||||