Total
8118 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13744 | 1 Liblouis | 1 Liblouis | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0. | |||||
| CVE-2017-11108 | 1 Tcpdump | 1 Tcpdump | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol. | |||||
| CVE-2014-8354 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. | |||||
| CVE-2017-7244 | 1 Pcre | 1 Pcre | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. | |||||
| CVE-2017-9955 | 1 Gnu | 1 Binutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program. | |||||
| CVE-2017-3060 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-14821 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5013. | |||||
| CVE-2017-11465 | 1 Ruby-lang | 1 Ruby | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism. | |||||
| CVE-2017-9847 | 1 Libtorrent | 1 Libtorrent | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||||
| CVE-2017-14607 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2025-04-20 | 5.8 MEDIUM | 8.1 HIGH |
| In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. | |||||
| CVE-2015-9099 | 1 Lame Project | 1 Lame | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate. | |||||
| CVE-2017-10995 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. | |||||
| CVE-2016-10028 | 1 Qemu | 1 Qemu | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0. | |||||
| CVE-2017-8393 | 1 Gnu | 1 Binutils | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash. | |||||
| CVE-2017-12443 | 1 Minidjvu Project | 1 Minidjvu | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | |||||
| CVE-2017-9155 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the input_pnm_reader function in input-pnm.c:243:3. | |||||
| CVE-2017-17500 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. | |||||
| CVE-2017-11568 | 1 Fontforge | 1 Fontforge | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code execution via a crafted otf file. | |||||
| CVE-2017-11119 | 1 Nosefart Project | 1 Nosefart | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a in Nosefart 2.9-mls allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted nsf file. | |||||
| CVE-2017-11722 | 1 Graphicsmagick | 1 Graphicsmagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition. | |||||