Total
7519 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2374 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution. | |||||
| CVE-2016-5033 | 1 Libdwarf Project | 1 Libdwarf | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
| CVE-2016-7532 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | |||||
| CVE-2017-11639 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h. | |||||
| CVE-2017-7300 | 1 Gnu | 1 Binutils | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash. | |||||
| CVE-2017-8817 | 2 Debian, Haxx | 3 Debian Linux, Curl, Libcurl | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. | |||||
| CVE-2016-2518 | 7 Debian, Freebsd, Netapp and 4 more | 18 Debian Linux, Freebsd, Clustered Data Ontap and 15 more | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | |||||
| CVE-2017-15021 | 1 Gnu | 1 Binutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32. | |||||
| CVE-2017-8362 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. | |||||
| CVE-2016-8334 | 1 Foxitsoftware | 1 Reader | 2025-04-20 | 4.3 MEDIUM | 6.8 MEDIUM |
| A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR. | |||||
| CVE-2016-10171 | 1 Wavpack Project | 1 Wavpack | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. | |||||
| CVE-2017-8787 | 1 Podofo Project | 1 Podofo | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file. | |||||
| CVE-2017-7454 | 1 Entropymine | 1 Imageworsener | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | |||||
| CVE-2017-3053 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of the APP13 segment in JPEG files. | |||||
| CVE-2017-16584 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5290. | |||||
| CVE-2017-13017 | 1 Tcpdump | 1 Tcpdump | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). | |||||
| CVE-2017-7036 | 1 Apple | 1 Mac Os X | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
| CVE-2017-11572 | 1 Fontforge | 1 Fontforge | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file. | |||||
| CVE-2017-11663 | 1 Mindwerks | 1 Wildmidi | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | |||||
| CVE-2016-7516 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file. | |||||