Vulnerabilities (CVE)

Filtered by CWE-125
Total 6166 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15844 1 Google 1 Android 2018-11-09 2.1 LOW 5.5 MEDIUM
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash.
CVE-2018-11297 1 Google 1 Android 2018-11-09 7.2 HIGH 7.8 HIGH
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler functions due to lack of validation of input value event_info which is received from FW.
CVE-2018-11293 1 Google 1 Android 2018-11-09 3.3 LOW 5.7 MEDIUM
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not checked, it may cause buffer over-read once the value is too large.
CVE-2018-11898 1 Google 1 Android 2018-11-09 7.2 HIGH 7.8 HIGH
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing start bss request from upper layer, out of bounds read occurs if ssid length is greater than maximum.
CVE-2017-18198 1 Gnu 1 Libcdio 2018-10-31 6.8 MEDIUM 8.8 HIGH
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
CVE-2017-12618 1 Apache 1 Portable Runtime Utility 2018-10-31 1.9 LOW 4.7 MEDIUM
Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.
CVE-2016-5316 3 Libtiff, Opensuse, Opensuse Project 3 Libtiff, Opensuse, Leap 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.
CVE-2014-9844 5 Canonical, Imagemagick, Opensuse and 2 more 10 Ubuntu Linux, Imagemagick, Opensuse and 7 more 2018-10-30 4.3 MEDIUM 5.5 MEDIUM
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
CVE-2016-8682 3 Debian, Graphicsmagick, Opensuse 3 Debian Linux, Graphicsmagick, Opensuse 2018-10-30 5.0 MEDIUM 7.5 HIGH
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
CVE-2014-9657 7 Canonical, Debian, Fedoraproject and 4 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2018-10-30 7.5 HIGH N/A
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
CVE-2014-9669 7 Canonical, Debian, Fedoraproject and 4 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2018-10-30 6.8 MEDIUM N/A
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.
CVE-2014-8483 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more 2018-10-30 5.0 MEDIUM N/A
The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.
CVE-2016-6905 2 Libgd, Opensuse 3 Libgd, Leap, Opensuse 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.
CVE-2014-9658 7 Canonical, Debian, Fedoraproject and 4 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2018-10-30 7.5 HIGH N/A
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
CVE-2017-5335 2 Gnu, Opensuse 2 Gnutls, Leap 2018-10-30 5.0 MEDIUM 7.5 HIGH
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
CVE-2016-6132 3 Debian, Libgd, Opensuse 3 Debian Linux, Libgd, Leap 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2016-6161 3 Debian, Libgd, Opensuse 3 Debian Linux, Libgd, Leap 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
CVE-2016-6214 3 Debian, Libgd, Opensuse 3 Debian Linux, Libgd, Leap 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2016-3634 1 Libtiff 1 Libtiff 2018-10-30 5.0 MEDIUM 7.5 HIGH
The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching.
CVE-2016-3625 1 Libtiff 1 Libtiff 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.