Total
6546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13000 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print(). | |||||
| CVE-2017-10928 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. | |||||
| CVE-2017-11054 | 1 Google | 1 Android | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur. | |||||
| CVE-2018-8809 | 1 Radare | 1 Radare2 | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file. | |||||
| CVE-2018-8101 | 1 Xpdfreader | 1 Xpdf | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | |||||
| CVE-2017-12378 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2019-10-03 | 7.1 HIGH | 5.5 MEDIUM |
| ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device. | |||||
| CVE-2018-18581 | 1 Lupng Project | 1 Lupng | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer over-read in internalPrintf in miniz/lupng.c. | |||||
| CVE-2017-8234 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function. | |||||
| CVE-2017-16384 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2019-10-03 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the exif processing module for a PNG file (during XPS conversion). Invalid input leads to a computation where pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | |||||
| CVE-2017-9955 | 1 Gnu | 1 Binutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program. | |||||
| CVE-2018-16413 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. | |||||
| CVE-2017-2974 | 1 Adobe | 1 Digital Editions | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2017-13007 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print(). | |||||
| CVE-2017-2976 | 1 Adobe | 1 Digital Editions | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2017-11126 | 1 Mpg123 | 1 Mpg123 | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870. | |||||
| CVE-2017-13052 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). | |||||
| CVE-2017-2980 | 1 Adobe | 1 Digital Editions | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-13866 | 1 Hdfgroup | 1 Hdf5 | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c. | |||||
| CVE-2018-16764 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an IR::FunctionValidationContext::catch_all heap-based buffer over-read. | |||||
| CVE-2018-17435 | 1 Hdfgroup | 1 Hdf5 | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file. | |||||