Total
6546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13001 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh(). | |||||
| CVE-2018-6930 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file. | |||||
| CVE-2017-8365 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. | |||||
| CVE-2018-12064 | 1 Tinyexr Project | 1 Tinyexr | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h. | |||||
| CVE-2018-11625 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. | |||||
| CVE-2017-9935 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution. | |||||
| CVE-2017-12967 | 1 Gnu | 1 Binutils | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. | |||||
| CVE-2017-7206 | 1 Libav | 1 Libav | 2019-10-03 | 5.8 MEDIUM | 7.1 HIGH |
| The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. | |||||
| CVE-2017-11089 | 1 Google | 1 Android | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes | |||||
| CVE-2017-14646 | 1 Axiosys | 1 Bento4 | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp. | |||||
| CVE-2017-13689 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print(). | |||||
| CVE-2017-13040 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions. | |||||
| CVE-2017-8256 | 1 Google | 1 Android | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. | |||||
| CVE-2018-12917 | 1 Pbc Project | 1 Pbc | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In libpbc.a in PBC through 2017-03-02, there is a heap-based buffer over-read in _pbcM_ip_new in map.c. | |||||
| CVE-2017-6658 | 1 Cisco | 1 Sourcefire Snort | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem. | |||||
| CVE-2018-10779 | 2 Canonical, Libtiff | 2 Ubuntu Linux, Libtiff | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. | |||||
| CVE-2018-11432 | 1 Libmobi Project | 1 Libmobi | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | |||||
| CVE-2017-9195 | 1 Autotrace Project | 1 Autotrace | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27. | |||||
| CVE-2017-7378 | 1 Podofo Project | 1 Podofo | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. | |||||
| CVE-2018-9135 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. | |||||