Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-125
Total 4813 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5687 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2016-12-16 7.5 HIGH 9.8 CRITICAL
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
CVE-2016-9539 1 Libtiff 1 Libtiff 2016-12-09 7.5 HIGH 9.8 CRITICAL
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.
CVE-2016-9803 1 Bluez 1 Bluez 2016-12-07 5.0 MEDIUM 5.3 MEDIUM
In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.
CVE-2016-7506 1 Artifex 1 Mujs 2016-12-02 5.0 MEDIUM 7.5 HIGH
An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue can lead to code execution or denial of service condition.
CVE-2016-7917 1 Linux 1 Linux Kernel 2016-12-02 4.3 MEDIUM 5.0 MEDIUM
The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability.
CVE-2016-8876 1 Foxitsoftware 2 Phantompdf, Reader 2016-11-29 6.8 MEDIUM 7.5 HIGH
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at FoxitReader."
CVE-2016-8878 1 Foxitsoftware 2 Phantompdf, Reader 2016-11-29 6.8 MEDIUM 8.8 HIGH
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return value starting at FOXITREADER."
CVE-2016-8875 1 Foxitsoftware 2 Phantompdf, Reader 2016-11-29 4.3 MEDIUM 5.3 MEDIUM
The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ConvertToPDF_x86!CreateFXPDFConvertor."
CVE-2016-9017 1 Artifex 1 Mujs 2016-11-29 5.0 MEDIUM 7.5 HIGH
Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the "opname in crafted JavaScript file" approach, related to an "Out-of-Bounds read" issue affecting the jsC_dumpfunction function in the jsdump.c component.
CVE-2016-5352 1 Wireshark 1 Wireshark 2016-11-28 4.3 MEDIUM 5.9 MEDIUM
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2016-3854 1 Google 1 Android 2016-11-28 6.8 MEDIUM 7.8 HIGH
drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR897326.
CVE-2016-3855 1 Google 1 Android 2016-11-28 6.8 MEDIUM 7.8 HIGH
drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR990824.
CVE-2016-7175 1 Wireshark 1 Wireshark 2016-09-30 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.