Total
5776 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-6891 | 1 Matrixssl | 1 Matrixssl | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate. | |||||
CVE-2017-7854 | 1 Radare | 1 Radare2 | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | |||||
CVE-2017-6840 | 1 Podofo Project | 1 Podofo | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file. | |||||
CVE-2017-5601 | 1 Libarchive | 1 Libarchive | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive. | |||||
CVE-2016-5198 | 1 Google | 1 Chrome | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page. | |||||
CVE-2016-6906 | 1 Libgd | 1 Libgd | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer. | |||||
CVE-2016-10161 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. | |||||
CVE-2016-8688 | 2 Libarchive, Opensuse | 2 Libarchive, Leap | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c. | |||||
CVE-2017-9189 | 1 Autotrace Project | 1 Autotrace | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and application crash), related to the GET_COLOR function in color.c:16:11. | |||||
CVE-2017-5841 | 1 Gstreamer Project | 1 Gstreamer | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags. | |||||
CVE-2017-9164 | 1 Autotrace Project | 1 Autotrace | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11. | |||||
CVE-2016-7514 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | |||||
CVE-2014-9816 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file. | |||||
CVE-2017-5845 | 1 Gstreamer Project | 1 Gstreamer | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag. | |||||
CVE-2017-7378 | 1 Podofo Project | 1 Podofo | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. | |||||
CVE-2017-3009 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure. | |||||
CVE-2016-8682 | 3 Debian, Graphicsmagick, Opensuse | 3 Debian Linux, Graphicsmagick, Opensuse | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. | |||||
CVE-2017-5209 | 1 Libimobiledevice | 1 Libplist | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data. | |||||
CVE-2017-7208 | 1 Libav | 1 Libav | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. | |||||
CVE-2016-9539 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092. |