Search
Total
4471 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12991 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). | |||||
| CVE-2017-9165 | 1 Autotrace Project | 1 Autotrace | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11. | |||||
| CVE-2017-12967 | 1 Gnu | 1 Binutils | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. | |||||
| CVE-2017-9164 | 1 Autotrace Project | 1 Autotrace | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11. | |||||
| CVE-2017-9152 | 1 Autotrace Project | 1 Autotrace | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41. | |||||
| CVE-2017-12957 | 1 Exiv2 | 1 Exiv2 | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service. | |||||
| CVE-2017-9117 | 2 Canonical, Libtiff | 2 Ubuntu Linux, Libtiff | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff. | |||||
| CVE-2017-9207 | 1 Entropymine | 1 Imageworsener | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c. | |||||
| CVE-2017-13012 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). | |||||
| CVE-2017-9058 | 2 Canonical, Ytnef Project | 2 Ubuntu Linux, Ytnef | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. | |||||
| CVE-2017-12988 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse(). | |||||
| CVE-2017-12951 | 1 Libgig0 | 1 Libgig | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file. | |||||
| CVE-2017-13010 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart(). | |||||
| CVE-2017-9206 | 1 Entropymine | 1 Imageworsener | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c. | |||||
| CVE-2017-12986 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). | |||||
| CVE-2017-12985 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print(). | |||||
| CVE-2017-8787 | 1 Podofo Project | 1 Podofo | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file. | |||||
| CVE-2017-12937 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. | |||||
| CVE-2017-8393 | 1 Gnu | 1 Binutils | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash. | |||||
| CVE-2017-12933 | 1 Php | 1 Php | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP. | |||||
| CVE-2017-13009 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). | |||||
| CVE-2017-8365 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. | |||||
| CVE-2017-8363 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | |||||
| CVE-2017-13008 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). | |||||
| CVE-2017-13007 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print(). | |||||
| CVE-2017-13006 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions. | |||||
| CVE-2017-8268 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read. | |||||
| CVE-2017-12900 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). | |||||
| CVE-2017-12901 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print(). | |||||
| CVE-2017-8256 | 1 Google | 1 Android | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. | |||||
| CVE-2017-8240 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability. | |||||
| CVE-2017-8234 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function. | |||||
| CVE-2017-12898 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply(). | |||||
| CVE-2017-7939 | 1 Entropymine | 1 Imageworsener | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file. | |||||
| CVE-2017-12897 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print(). | |||||
| CVE-2017-7960 | 1 Gnome | 1 Libcroco | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. | |||||
| CVE-2017-7854 | 1 Radare | 1 Radare2 | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | |||||
| CVE-2017-7813 | 1 Mozilla | 1 Firefox | 2019-10-03 | 6.4 MEDIUM | 8.2 HIGH |
| Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56. | |||||
| CVE-2017-12895 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). | |||||
| CVE-2017-12894 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). | |||||
| CVE-2017-12893 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len(). | |||||
| CVE-2017-10995 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. | |||||
| CVE-2017-7716 | 1 Radare | 1 Radare2 | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | |||||
| CVE-2017-7623 | 1 Entropymine | 1 Imageworsener | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | |||||
| CVE-2017-7612 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||||
| CVE-2017-13005 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter(). | |||||
| CVE-2017-7611 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||||
| CVE-2017-7610 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||||
| CVE-2017-7608 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||||
| CVE-2017-13003 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). | |||||