Search
Total
1936 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9453 | 1 Google | 1 Android | 2018-12-13 | 4.9 MEDIUM | 5.5 MEDIUM |
| In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78288378. | |||||
| CVE-2018-9437 | 1 Google | 1 Android | 2018-12-12 | 7.1 HIGH | 5.5 MEDIUM |
| In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78656554. | |||||
| CVE-2018-9451 | 1 Google | 1 Android | 2018-12-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79488511. | |||||
| CVE-2018-9454 | 1 Google | 1 Android | 2018-12-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78286118. | |||||
| CVE-2018-19390 | 1 Foxitsoftware | 1 Foxit Reader | 2018-12-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue. | |||||
| CVE-2018-19389 | 1 Foxitsoftware | 1 Foxit Reader | 2018-12-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via BMP data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue. | |||||
| CVE-2018-19388 | 1 Foxitsoftware | 1 Foxit Reader | 2018-12-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue. | |||||
| CVE-2017-18281 | 1 Google | 1 Android | 2018-12-11 | 2.1 LOW | 5.5 MEDIUM |
| A bool variable in Video function, which gets typecasted to int before being read could result in an out of bound read access in all Android releases from CAF using the linux kernel | |||||
| CVE-2018-18827 | 1 Libav | 1 Libav | 2018-12-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. | |||||
| CVE-2018-12366 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2018-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | |||||
| CVE-2018-18481 | 1 Libopencad Project | 1 Libopencad | 2018-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadCHAR function in lib/dwg/io.cpp, resulting in an application crash. | |||||
| CVE-2018-18480 | 1 Libopencad Project | 1 Libopencad | 2018-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadMCHAR function in lib/dwg/io.cpp, resulting in an application crash. | |||||
| CVE-2018-18455 | 1 Xpdfreader | 1 Xpdf | 2018-11-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | |||||
| CVE-2018-18456 | 1 Xpdfreader | 1 Xpdf | 2018-11-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | |||||
| CVE-2016-8688 | 2 Libarchive, Opensuse | 2 Libarchive, Leap | 2018-11-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c. | |||||
| CVE-2015-8915 | 1 Libarchive | 1 Libarchive | 2018-11-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file. | |||||
| CVE-2018-16982 | 1 Byvoid | 1 Open Chinese Convert | 2018-11-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file. | |||||
| CVE-2018-17292 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2018-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than 4 bytes. | |||||
| CVE-2018-9502 | 1 Google | 1 Android | 2018-11-20 | 6.1 MEDIUM | 6.5 MEDIUM |
| In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111936792 | |||||
| CVE-2018-9505 | 1 Google | 1 Android | 2018-11-20 | 6.1 MEDIUM | 6.5 MEDIUM |
| In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110791536 | |||||
| CVE-2018-9506 | 1 Google | 1 Android | 2018-11-20 | 6.1 MEDIUM | 6.5 MEDIUM |
| In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111803925 | |||||
| CVE-2018-9507 | 1 Google | 1 Android | 2018-11-20 | 6.1 MEDIUM | 6.5 MEDIUM |
| In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111893951 | |||||
| CVE-2018-9508 | 1 Google | 1 Android | 2018-11-20 | 6.1 MEDIUM | 6.5 MEDIUM |
| In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-111936834 | |||||
| CVE-2018-6038 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2018-17235 | 1 Mp4v2 Project | 1 Mp4v2 | 2018-11-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service. | |||||
| CVE-2017-15844 | 1 Google | 1 Android | 2018-11-09 | 2.1 LOW | 5.5 MEDIUM |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash. | |||||
| CVE-2018-11293 | 1 Google | 1 Android | 2018-11-09 | 3.3 LOW | 5.7 MEDIUM |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not checked, it may cause buffer over-read once the value is too large. | |||||
| CVE-2017-12618 | 1 Apache | 1 Portable Runtime Utility | 2018-10-31 | 1.9 LOW | 4.7 MEDIUM |
| Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service. | |||||
| CVE-2018-15157 | 1 Libfsclfs Project | 1 Libfsclfs | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** The libfsclfs_block_read function in libfsclfs_block.c in libfsclfs before 2018-07-25 allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. NOTE: the vendor has disputed this as described in the GitHub issue comments. | |||||
| CVE-2018-15158 | 1 Libesedb Project | 1 Libesedb | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments. | |||||
| CVE-2018-15159 | 1 Libesedb Project | 1 Libesedb | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments. | |||||
| CVE-2018-15160 | 1 Libesedb Project | 1 Libesedb | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments. | |||||
| CVE-2016-6161 | 3 Debian, Libgd, Opensuse | 3 Debian Linux, Libgd, Leap | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. | |||||
| CVE-2016-8568 | 4 Fedoraproject, Libgit2 Project, Opensuse and 1 more | 5 Fedora, Libgit2, Leap and 2 more | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. | |||||
| CVE-2014-9844 | 5 Canonical, Imagemagick, Opensuse and 2 more | 10 Ubuntu Linux, Imagemagick, Opensuse and 7 more | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. | |||||
| CVE-2016-3625 | 1 Libtiff | 1 Libtiff | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. | |||||
| CVE-2016-5316 | 3 Libtiff, Opensuse, Opensuse Project | 3 Libtiff, Opensuse, Leap | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool. | |||||
| CVE-2014-8127 | 2 Libtiff, Opensuse | 2 Libtiff, Opensuse | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool. | |||||
| CVE-2016-6905 | 2 Libgd, Opensuse | 3 Libgd, Leap, Opensuse | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. | |||||
| CVE-2016-6132 | 3 Debian, Libgd, Opensuse | 3 Debian Linux, Libgd, Leap | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | |||||
| CVE-2016-6214 | 3 Debian, Libgd, Opensuse | 3 Debian Linux, Libgd, Leap | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | |||||
| CVE-2018-12824 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2018-10-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-1000668 | 1 Jsish | 1 Jsish | 2018-10-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to have been fixed in 2.4.71. | |||||
| CVE-2018-15161 | 1 Libesedb Project | 1 Libesedb | 2018-10-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments. | |||||
| CVE-2017-6418 | 1 Clamav | 1 Clamav | 2018-10-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. | |||||
| CVE-2017-11722 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition. | |||||
| CVE-2017-8312 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2018-10-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file. | |||||
| CVE-2018-6970 | 1 Vmware | 2 Horizon Client, Horizon View | 2018-10-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems. | |||||
| CVE-2017-5692 | 1 Intel | 1 Graphics Driver | 2018-10-11 | 2.1 LOW | 5.5 MEDIUM |
| Out-of-bounds read condition in older versions of some Intel Graphics Driver for Windows code branches allows local users to perform a denial of service attack. | |||||
| CVE-2018-1999015 | 1 Ffmpeg | 1 Ffmpeg | 2018-09-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later. | |||||