Total
6546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-16219 | 1 Deltaww | 1 Tpeditor | 2022-09-30 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | |||||
| CVE-2020-35531 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2022-09-29 | N/A | 5.5 MEDIUM |
| In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. | |||||
| CVE-2020-35532 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2022-09-29 | N/A | 5.5 MEDIUM |
| In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. | |||||
| CVE-2021-3522 | 3 Gstreamer Project, Netapp, Oracle | 12 Gstreamer, Active Iq Unified Manager, E-series Santricity Os Controller and 9 more | 2022-09-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. | |||||
| CVE-2021-27271 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2022-09-27 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in an out-of-bounds read condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12438. | |||||
| CVE-2020-13253 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2022-09-23 | 2.1 LOW | 5.5 MEDIUM |
| sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. | |||||
| CVE-2020-25624 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2022-09-23 | 4.4 MEDIUM | 5.0 MEDIUM |
| hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. | |||||
| CVE-2022-37348 | 2 Microsoft, Trendmicro | 2 Windows, Security | 2022-09-22 | N/A | 5.5 MEDIUM |
| Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347. | |||||
| CVE-2020-35533 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2022-09-21 | N/A | 5.5 MEDIUM |
| In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file. | |||||
| CVE-2022-35705 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-09-21 | N/A | 7.8 HIGH |
| Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-35707 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-09-21 | N/A | 7.8 HIGH |
| Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-18778 | 1 Libav | 1 Libav | 2022-09-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. | |||||
| CVE-2020-18775 | 1 Libav | 1 Libav | 2022-09-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. | |||||
| CVE-2020-19750 | 1 Gpac | 1 Gpac | 2022-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read. | |||||
| CVE-2020-19751 | 1 Gpac | 1 Gpac | 2022-09-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read. | |||||
| CVE-2022-38431 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-09-20 | N/A | 7.8 HIGH |
| Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-38430 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-09-20 | N/A | 7.8 HIGH |
| Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-38429 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-09-20 | N/A | 7.8 HIGH |
| Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30676 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-09-20 | N/A | 5.5 MEDIUM |
| Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30673 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-09-20 | N/A | 5.5 MEDIUM |
| Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||