Vulnerabilities (CVE)

Filtered by CWE-787
Total 5698 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-5087 2 Debian, Xcftools Project 2 Debian Linux, Xcftools 2022-06-21 6.8 MEDIUM 8.8 HIGH
An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row's allocation size, that could be exploited to corrupt memory and eventually execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.
CVE-2019-5076 1 Accusoft 1 Imagegear 2022-06-21 6.8 MEDIUM 8.8 HIGH
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the viction to trigger the vulnerability.
CVE-2019-5083 1 Accusoft 1 Imagegear 2022-06-21 6.8 MEDIUM 8.8 HIGH
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.
CVE-2022-29524 1 Fujielectric 1 V-server 2022-06-21 6.8 MEDIUM 7.8 HIGH
Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
CVE-2021-46816 3 Adobe, Apple, Microsoft 3 Premiere Pro, Macos, Windows 2022-06-21 6.8 MEDIUM 7.8 HIGH
Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
CVE-2021-46817 3 Adobe, Apple, Microsoft 3 Media Encoder, Macos, Windows 2022-06-21 6.8 MEDIUM 7.8 HIGH
Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
CVE-2021-46818 3 Adobe, Apple, Microsoft 3 Media Encoder, Macos, Windows 2022-06-21 6.8 MEDIUM 7.8 HIGH
Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
CVE-2022-2129 2022-06-21 N/A N/A
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2015-0235 6 Apple, Debian, Gnu and 3 more 17 Mac Os X, Debian Linux, Glibc and 14 more 2022-06-20 10.0 HIGH N/A
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
CVE-2020-10232 1 Sleuthkit 1 The Sleuth Kit 2022-06-20 7.5 HIGH 9.8 CRITICAL
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.
CVE-2021-46814 1 Huawei 3 Emui, Harmonyos, Magic Ui 2022-06-18 5.0 MEDIUM 7.5 HIGH
The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-23943 4 Apache, Debian, Fedoraproject and 1 more 5 Http Server, Debian Linux, Fedora and 2 more 2022-06-17 7.5 HIGH 9.8 CRITICAL
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
CVE-2022-21499 2 Debian, Oracle 2 Debian Linux, Linux 2022-06-17 4.6 MEDIUM 6.7 MEDIUM
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
CVE-2019-5133 1 Accusoft 1 Imagegear 2022-06-17 6.8 MEDIUM 8.8 HIGH
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.
CVE-2019-5132 1 Accusoft 1 Imagegear 2022-06-17 6.8 MEDIUM 8.8 HIGH
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. A specially crafted GEM file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.
CVE-2019-5085 1 Leadtools 1 Leadtools 2022-06-17 7.5 HIGH 9.8 CRITICAL
An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.
CVE-2019-5092 1 Leadtools 1 Leadtools 2022-06-17 6.8 MEDIUM 8.8 HIGH
An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20.0.2019.3.15. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a DICOM image to trigger this vulnerability.
CVE-2019-5154 1 Leadtools 1 Leadtools 2022-06-17 6.8 MEDIUM 8.8 HIGH
An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this vulnerability.
CVE-2019-5093 1 Leadtools 1 Leadtools 2022-06-17 7.5 HIGH 9.8 CRITICAL
An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.
CVE-2019-5144 1 Kakadusoftware 1 Kakadu Software 2022-06-17 6.8 MEDIUM 8.8 HIGH
An exploitable heap underflow vulnerability exists in the derive_taps_and_gains function in kdu_v7ar.dll of Kakadu Software SDK 7.10.2. A specially crafted jp2 file can cause a heap overflow, which can result in remote code execution. An attacker could provide a malformed file to the victim to trigger this vulnerability.