Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-125
Total 4813 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-33367 1 Freeimage Project 1 Freeimage 2023-03-02 N/A 5.5 MEDIUM
Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.
CVE-2019-13302 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2023-03-02 6.8 MEDIUM 8.8 HIGH
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages.
CVE-2019-13299 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2023-03-02 6.8 MEDIUM 8.8 HIGH
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel.
CVE-2019-13303 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2023-03-02 6.8 MEDIUM 8.8 HIGH
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage.
CVE-2022-34864 1 Intel 1 Trace Analyzer And Collector 2023-03-01 N/A 7.8 HIGH
Out-of-bounds read in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-21620 2 Adobe, Microsoft 2 Framemaker, Windows 2023-03-01 N/A 5.5 MEDIUM
FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2019-1787 3 Clamav, Debian, Opensuse 3 Clamav, Debian Linux, Leap 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
CVE-2019-1786 1 Clamav 1 Clamav 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
CVE-2021-32847 1 Mobyproject 1 Hyperkit 2023-03-01 N/A 6.5 MEDIUM
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to the disclosure of the host memory into the virtualized guest. This issue is fixed in commit cf60095a4d8c3cb2e182a14415467afd356e982f.
CVE-2019-3832 3 Canonical, Debian, Libsndfile Project 3 Ubuntu Linux, Debian Linux, Libsndfile 2023-03-01 1.9 LOW 5.5 MEDIUM
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
CVE-2019-12972 3 Canonical, Gnu, Opensuse 3 Ubuntu Linux, Binutils, Leap 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
CVE-2018-19107 4 Canonical, Debian, Exiv2 and 1 more 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more 2023-03-01 4.3 MEDIUM 6.5 MEDIUM
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.
CVE-2019-13283 2 Fedoraproject, Glyphandcog 2 Fedora, Xpdfreader 2023-03-01 6.8 MEDIUM 7.8 HIGH
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
CVE-2019-13286 2 Fedoraproject, Glyphandcog 2 Fedora, Xpdfreader 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure.
CVE-2019-13282 2 Fedoraproject, Glyphandcog 2 Fedora, Xpdfreader 2023-03-01 6.8 MEDIUM 7.8 HIGH
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
CVE-2019-13626 4 Debian, Fedoraproject, Libsdl and 1 more 4 Debian Linux, Fedora, Libsdl and 1 more 2023-03-01 4.3 MEDIUM 6.5 MEDIUM
SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
CVE-2019-5604 1 Freebsd 1 Freebsd 2023-03-01 8.5 HIGH 9.6 CRITICAL
In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350247, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, the emulated XHCI device included with the bhyve hypervisor did not properly validate data provided by the guest, allowing an out-of-bounds read. This provides a malicious guest the possibility to crash the system or access system memory.
CVE-2021-37620 3 Debian, Exiv2, Fedoraproject 3 Debian Linux, Exiv2, Fedora 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.
CVE-2019-11007 4 Canonical, Debian, Graphicsmagick and 1 more 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more 2023-03-01 5.8 MEDIUM 8.1 HIGH
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.
CVE-2022-35267 1 Robustel 2 R1510, R1510 Firmware 2023-02-28 N/A 7.5 HIGH
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_https_cert_file/` API.