Total: 4813 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-13017 | 1 Tcpdump | 1 Tcpdump | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). | |||||
CVE-2017-14860 | 1 Exiv2 | 1 Exiv2 | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack. | |||||
CVE-2017-14910 | 1 Qualcomm | 42 Mdm9206, Mdm9206 Firmware, Mdm9607 and 39 more | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206, MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 835, and SD 845, a buffer over-read is possible if there are no newlines in an input file. | |||||
CVE-2018-12503 | 1 Tinyexr Project | 1 Tinyexr | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h. | |||||
CVE-2017-14733 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||||
CVE-2017-14731 | 1 Libofx Project | 1 Libofx | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call. | |||||
CVE-2017-14646 | 1 Axiosys | 1 Bento4 | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp. | |||||
CVE-2017-14645 | 1 Bento4 | 1 Bento4 | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. The vulnerability causes an application crash, which leads to remote denial of service. | |||||
CVE-2018-12248 | 1 Mruby | 1 Mruby | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber. | |||||
CVE-2017-14643 | 1 Bento4 | 1 Bento4 | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4_BytesToUInt32BE in Core/Ap4Utils.h. | |||||
CVE-2018-12092 | 1 Tinyexr Project | 1 Tinyexr | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code. | |||||
CVE-2018-12064 | 1 Tinyexr Project | 1 Tinyexr | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h. | |||||
CVE-2017-14529 | 1 Gnu | 1 Binutils | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function. | |||||
CVE-2017-14502 | 1 Libarchive | 1 Libarchive | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. | |||||
CVE-2018-11724 | 1 Libmobi Project | 1 Libmobi | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. | |||||
CVE-2018-11625 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. | |||||
CVE-2017-14248 | 1 Imagemagick | 1 Imagemagick | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file. | |||||
CVE-2017-14227 | 1 Mongodb | 1 Mongodb | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c. | |||||
CVE-2018-11503 | 2 Debian, Discount Project | 2 Debian Linux, Discount | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. | |||||
CVE-2018-11468 | 2 Debian, Discount Project | 2 Debian Linux, Discount | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. |