Total
5776 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7716 | 1 Radare | 1 Radare2 | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | |||||
CVE-2016-5687 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read. | |||||
CVE-2016-10172 | 1 Wavpack Project | 1 Wavpack | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. | |||||
CVE-2017-9177 | 1 Autotrace Project | 1 Autotrace | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:390:12. | |||||
CVE-2017-3022 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when parsing the header of a JPEG 2000 file. | |||||
CVE-2017-2977 | 1 Adobe | 1 Digital Editions | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||||
CVE-2017-5504 | 1 Jasper Project | 1 Jasper | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. | |||||
CVE-2017-6851 | 1 Jasper Project | 1 Jasper | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image. | |||||
CVE-2016-9555 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. | |||||
CVE-2017-3021 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser engine. | |||||
CVE-2016-2367 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2023-12-10 | 3.5 LOW | 5.9 MEDIUM |
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user. | |||||
CVE-2017-7483 | 2 Debian, Rxvt Project | 2 Debian Linux, Rxvt | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read. | |||||
CVE-2016-8681 | 1 Libdwarf Project | 1 Libdwarf | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. | |||||
CVE-2017-5897 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. | |||||
CVE-2017-7263 | 1 Potrace Project | 1 Potrace | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698. | |||||
CVE-2016-9918 | 1 Bluez Project | 1 Bluez | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. | |||||
CVE-2016-5826 | 1 Libical Project | 1 Libical | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function. | |||||
CVE-2016-7410 | 1 Libdwarf Project | 1 Libdwarf | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file. | |||||
CVE-2017-7206 | 1 Libav | 1 Libav | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. | |||||
CVE-2016-7516 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file. |