Vulnerabilities (CVE)

Filtered by CWE-787
Total 5698 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-11295 1 Google 1 Android 2018-11-09 7.2 HIGH 7.8 HIGH
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WMA handler carries a fixed event data from the firmware to the host . If the length and anqp length from this event data exceeds the max length, an OOB write would happen.
CVE-2018-11296 1 Google 1 Android 2018-11-09 7.2 HIGH 7.8 HIGH
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a message from firmware in WLAN handler, a buffer overwrite can occur.
CVE-2018-11852 1 Google 1 Android 2018-11-09 7.2 HIGH 7.8 HIGH
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write.
CVE-2018-11903 1 Google 1 Android 2018-11-08 7.2 HIGH 7.8 HIGH
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array index for WMA interfaces can lead to OOB write in WLAN HOST.
CVE-2018-16376 1 Uclouvain 1 Openjpeg 2018-10-31 6.8 MEDIUM 8.8 HIGH
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
CVE-2017-9226 3 Oniguruma Project, Php, Ruby-lang 3 Oniguruma, Php, Ruby 2018-10-31 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.
CVE-2018-10471 2 Debian, Xen 2 Debian Linux, Xen 2018-10-31 4.9 MEDIUM 6.5 MEDIUM
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.
CVE-2016-6855 4 Canonical, Fedoraproject, Gnome and 1 more 6 Ubuntu Linux, Fedora, Eye Of Gnome and 3 more 2018-10-30 5.0 MEDIUM 7.5 HIGH
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
CVE-2016-3991 2 Libtiff, Oracle 2 Libtiff, Vm Server 2018-10-30 6.8 MEDIUM 7.8 HIGH
Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.
CVE-2016-3945 2 Libtiff, Oracle 2 Libtiff, Vm Server 2018-10-30 6.8 MEDIUM 7.8 HIGH
Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.
CVE-2016-9959 4 Game-music-emu Project, Opensuse, Opensuse Project and 1 more 9 Game-music-emu, Leap, Opensuse and 6 more 2018-10-30 6.8 MEDIUM 7.8 HIGH
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
CVE-2016-3632 2 Libtiff, Oracle 2 Libtiff, Vm Server 2018-10-30 6.8 MEDIUM 7.8 HIGH
The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.
CVE-2016-6207 3 Debian, Libgd, Opensuse 3 Debian Linux, Libgd, Leap 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
CVE-2016-3990 2 Libtiff, Oracle 2 Libtiff, Vm Server 2018-10-30 6.8 MEDIUM 7.8 HIGH
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.
CVE-2017-1000363 2 Debian, Linux 2 Debian Linux, Linux Kernel 2018-10-30 7.2 HIGH 7.8 HIGH
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.
CVE-2018-16642 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2018-10-25 4.3 MEDIUM 6.5 MEDIUM
The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.
CVE-2017-14075 1 Jungo 1 Windriver 2018-10-17 7.2 HIGH 7.8 HIGH
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.
CVE-2018-6973 1 Vmware 2 Fusion, Workstation 2018-10-15 7.2 HIGH 8.8 HIGH
VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.
CVE-2016-5399 1 Php 1 Php 2018-10-09 6.8 MEDIUM 7.8 HIGH
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
CVE-2018-14944 1 Jpeg Encoder Project 1 Jpeg Encoder 2018-10-04 6.8 MEDIUM 7.8 HIGH
An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write.