Total
4813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16358 | 1 Radare | 1 Radare2 | 2017-11-13 | 6.8 MEDIUM | 7.8 HIGH |
| In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search. | |||||
| CVE-2017-13722 | 1 X.org | 1 Libxfont | 2017-11-12 | 3.6 LOW | 7.1 HIGH |
| In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. | |||||
| CVE-2017-13720 | 1 X.org | 1 Libxfont | 2017-11-12 | 3.6 LOW | 7.1 HIGH |
| In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters. | |||||
| CVE-2017-9359 | 1 Digium | 2 Certified Asterisk, Open Source | 2017-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | |||||
| CVE-2016-9273 | 1 Libtiff | 1 Libtiff | 2017-11-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. | |||||
| CVE-2016-10270 | 1 Libtiff | 1 Libtiff | 2017-11-03 | 6.8 MEDIUM | 7.8 HIGH |
| LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22. | |||||
| CVE-2016-9297 | 1 Libtiff | 1 Libtiff | 2017-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. | |||||
| CVE-2017-5896 | 1 Artifex | 1 Mupdf | 2017-11-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image. | |||||
| CVE-2017-5978 | 1 Zziplib Project | 1 Zziplib | 2017-11-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file. | |||||
| CVE-2017-7208 | 1 Libav | 1 Libav | 2017-11-03 | 5.8 MEDIUM | 7.1 HIGH |
| The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. | |||||
| CVE-2017-8310 | 1 Videolan | 1 Vlc Media Player | 2017-11-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file. | |||||
| CVE-2017-8313 | 1 Videolan | 1 Vlc Media Player | 2017-11-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file. | |||||
| CVE-2016-6911 | 1 Libgd | 1 Libgd | 2017-11-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. | |||||
| CVE-2016-6906 | 1 Libgd | 1 Libgd | 2017-11-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer. | |||||
| CVE-2017-15932 | 1 Radare | 1 Radare2 | 2017-11-01 | 6.8 MEDIUM | 7.8 HIGH |
| In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems. | |||||
| CVE-2017-15931 | 1 Radare | 1 Radare2 | 2017-11-01 | 6.8 MEDIUM | 7.8 HIGH |
| In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems. | |||||
| CVE-2017-15037 | 1 Freebsd | 1 Freebsd | 2017-10-13 | 6.8 MEDIUM | 8.1 HIGH |
| In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character. | |||||
| CVE-2017-14795 | 1 Libbpg Project | 1 Libbpg | 2017-09-30 | 6.8 MEDIUM | 8.8 HIGH |
| The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg. | |||||
| CVE-2017-14608 | 1 Libraw | 1 Libraw | 2017-09-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. | |||||
| CVE-2017-9041 | 1 Gnu | 1 Binutils | 2017-09-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c. | |||||