Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9159 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_rawpbm function in input-pnm.c:391:15. | |||||
| CVE-2017-9158 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_raw function in input-pnm.c:336:11. | |||||
| CVE-2017-9157 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:306:14. | |||||
| CVE-2017-9156 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:303:12. | |||||
| CVE-2017-8358 | 1 Libreoffice | 1 Libreoffice | 2017-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. | |||||
| CVE-2017-8400 | 1 Swftools | 1 Swftools | 2017-05-12 | 6.8 MEDIUM | 8.8 HIGH |
| In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution. | |||||
| CVE-2016-7531 | 1 Imagemagick | 1 Imagemagick | 2017-05-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file. | |||||
| CVE-2017-7861 | 1 Grpc | 1 Grpc | 2017-04-21 | 7.5 HIGH | 9.8 CRITICAL |
| Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c. | |||||
| CVE-2017-7860 | 1 Grpc | 1 Grpc | 2017-04-21 | 7.5 HIGH | 9.8 CRITICAL |
| Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c. | |||||
| CVE-2017-7866 | 1 Ffmpeg | 1 Ffmpeg | 2017-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. | |||||
| CVE-2017-7859 | 1 Ffmpeg | 1 Ffmpeg | 2017-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. | |||||
| CVE-2017-5949 | 1 Apple | 1 Safari | 2017-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32_64.asm, and llint/LowLevelInterpreter64.asm. | |||||
| CVE-2017-6439 | 1 Libplist Project | 1 Libplist | 2017-04-04 | 1.9 LOW | 5.0 MEDIUM |
| Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) via a crafted plist file. | |||||
| CVE-2017-6438 | 1 Libplist Project | 1 Libplist | 2017-04-04 | 4.4 MEDIUM | 7.3 HIGH |
| Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code execution via a crafted plist file. | |||||
| CVE-2016-2371 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2017-03-30 | 6.8 MEDIUM | 8.1 HIGH |
| An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution. | |||||
| CVE-2016-5802 | 1 Delta Electronics | 3 Ispsoft, Pmsoft, Wplsoft | 2017-03-14 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software. | |||||
| CVE-2016-6870 | 1 Facebook | 1 Hhvm | 2017-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2016-6237 | 1 Lepton Project | 1 Lepton | 2017-02-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file. | |||||
| CVE-2016-4336 | 1 Lexmark | 1 Perceptive Document Filters | 2017-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right circumstance could potentially be leveraged by an attacker to gain arbitrary code execution. | |||||
| CVE-2016-8877 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2016-11-29 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a "corrupted suffix pattern" issue. | |||||