Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-3798

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Jul, 2007 | 22:00
Updated At-15 Oct, 2024 | 14:18
Rejected At-
Credits

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Jul, 2007 | 22:00
Updated At:15 Oct, 2024 | 14:18
Rejected At:
▼CVE Numbering Authority (CNA)

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.redhat.com/support/errata/RHSA-2007-0387.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/26231
third-party-advisory
x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2007_16_sr.html
vendor-advisory
x_refsource_SUSE
http://www.vupen.com/english/advisories/2007/4238
vdb-entry
x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
third-party-advisory
x_refsource_CERT
http://secunia.com/advisories/26168
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/27580
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/28136
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/26286
third-party-advisory
x_refsource_SECUNIA
http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c
x_refsource_MISC
http://bugs.gentoo.org/show_bug.cgi?id=184815
x_refsource_CONFIRM
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313
vendor-advisory
x_refsource_SLACKWARE
http://www.mandriva.com/security/advisories?name=MDKSA-2007:148
vendor-advisory
x_refsource_MANDRIVA
http://www.securitytracker.com/id?1018434
vdb-entry
x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2007-0368.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/26263
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/474225/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/26223
third-party-advisory
x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
vendor-advisory
x_refsource_APPLE
http://www.trustix.org/errata/2007/0023/
vendor-advisory
x_refsource_TRUSTIX
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771
vdb-entry
signature
x_refsource_OVAL
http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc
vendor-advisory
x_refsource_FREEBSD
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12
x_refsource_MISC
http://docs.info.apple.com/article.html?artnum=307179
x_refsource_CONFIRM
http://secunia.com/advisories/26395
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/26266
third-party-advisory
x_refsource_SECUNIA
http://www.turbolinux.com/security/2007/TLSA-2007-46.txt
vendor-advisory
x_refsource_TURBO
http://secunia.com/advisories/26521
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/2578
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/26404
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/26135
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-492-1
vendor-advisory
x_refsource_UBUNTU
http://www.debian.org/security/2007/dsa-1353
vendor-advisory
x_refsource_DEBIAN
http://security.gentoo.org/glsa/glsa-200707-14.xml
vendor-advisory
x_refsource_GENTOO
http://www.securityfocus.com/bid/24965
vdb-entry
x_refsource_BID
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0387.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/26231
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.novell.com/linux/security/advisories/2007_16_sr.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.vupen.com/english/advisories/2007/4238
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://secunia.com/advisories/26168
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/27580
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/28136
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/26286
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c
Resource:
x_refsource_MISC
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=184815
Resource:
x_refsource_CONFIRM
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:148
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.securitytracker.com/id?1018434
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0368.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/26263
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/474225/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/26223
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.trustix.org/errata/2007/0023/
Resource:
vendor-advisory
x_refsource_TRUSTIX
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc
Resource:
vendor-advisory
x_refsource_FREEBSD
Hyperlink: http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12
Resource:
x_refsource_MISC
Hyperlink: http://docs.info.apple.com/article.html?artnum=307179
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/26395
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/26266
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.turbolinux.com/security/2007/TLSA-2007-46.txt
Resource:
vendor-advisory
x_refsource_TURBO
Hyperlink: http://secunia.com/advisories/26521
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2007/2578
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/26404
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/26135
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/usn-492-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.debian.org/security/2007/dsa-1353
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://security.gentoo.org/glsa/glsa-200707-14.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.securityfocus.com/bid/24965
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.redhat.com/support/errata/RHSA-2007-0387.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/26231
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.novell.com/linux/security/advisories/2007_16_sr.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.vupen.com/english/advisories/2007/4238
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://secunia.com/advisories/26168
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/27580
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/28136
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/26286
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c
x_refsource_MISC
x_transferred
http://bugs.gentoo.org/show_bug.cgi?id=184815
x_refsource_CONFIRM
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2007:148
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.securitytracker.com/id?1018434
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.redhat.com/support/errata/RHSA-2007-0368.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/26263
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/474225/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/26223
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.trustix.org/errata/2007/0023/
vendor-advisory
x_refsource_TRUSTIX
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc
vendor-advisory
x_refsource_FREEBSD
x_transferred
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12
x_refsource_MISC
x_transferred
http://docs.info.apple.com/article.html?artnum=307179
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/26395
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/26266
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.turbolinux.com/security/2007/TLSA-2007-46.txt
vendor-advisory
x_refsource_TURBO
x_transferred
http://secunia.com/advisories/26521
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2007/2578
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/26404
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/26135
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/usn-492-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.debian.org/security/2007/dsa-1353
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://security.gentoo.org/glsa/glsa-200707-14.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.securityfocus.com/bid/24965
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0387.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/26231
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2007_16_sr.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/4238
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://secunia.com/advisories/26168
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/27580
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/28136
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/26286
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=184815
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:148
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1018434
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0368.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/26263
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/474225/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/26223
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.trustix.org/errata/2007/0023/
Resource:
vendor-advisory
x_refsource_TRUSTIX
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc
Resource:
vendor-advisory
x_refsource_FREEBSD
x_transferred
Hyperlink: http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://docs.info.apple.com/article.html?artnum=307179
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/26395
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/26266
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.turbolinux.com/security/2007/TLSA-2007-46.txt
Resource:
vendor-advisory
x_refsource_TURBO
x_transferred
Hyperlink: http://secunia.com/advisories/26521
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/2578
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/26404
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/26135
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-492-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.debian.org/security/2007/dsa-1353
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200707-14.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.securityfocus.com/bid/24965
Resource:
vdb-entry
x_refsource_BID
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-252CWE-252 Unchecked Return Value
Type: CWE
CWE ID: CWE-252
Description: CWE-252 Unchecked Return Value
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Jul, 2007 | 22:30
Updated At:15 Oct, 2024 | 15:35

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

tcpdump & libpcap
tcpdump
>>tcpdump>>Versions up to 3.9.6(inclusive)
cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.06
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.10
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>7.04
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>3.1
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>4.0
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Slackware
slackware
>>slackware>>9.0
cpe:2.3:a:slackware:slackware:9.0:*:*:*:*:*:*:*
Slackware
slackware
>>slackware>>9.1
cpe:2.3:a:slackware:slackware:9.1:*:*:*:*:*:*:*
Slackware
slackware
>>slackware>>10.0
cpe:2.3:a:slackware:slackware:10.0:*:*:*:*:*:*:*
Slackware
slackware
>>slackware>>10.1
cpe:2.3:a:slackware:slackware:10.1:*:*:*:*:*:*:*
Slackware
slackware
>>slackware>>10.2
cpe:2.3:a:slackware:slackware:10.2:*:*:*:*:*:*:*
Slackware
slackware
>>slackware>>11.0
cpe:2.3:a:slackware:slackware:11.0:*:*:*:*:*:*:*
Slackware
slackware
>>slackware>>12.0
cpe:2.3:a:slackware:slackware:12.0:*:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>Versions from 5.0(inclusive) to 5.5(exclusive)
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>Versions from 6.0(inclusive) to 6.1(exclusive)
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:-:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p11:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p12:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p13:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p14:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p2:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p3:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p4:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p5:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p7:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p8:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p9:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:-:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p10:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p11:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p12:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p13:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p16:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p17:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p18:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p2:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p4:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p6:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p7:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p9:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.2
cpe:2.3:o:freebsd:freebsd:6.2:-:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.2
cpe:2.3:o:freebsd:freebsd:6.2:p1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.2
cpe:2.3:o:freebsd:freebsd:6.2:p4:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.2
cpe:2.3:o:freebsd:freebsd:6.2:p5:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.2
cpe:2.3:o:freebsd:freebsd:6.2:p6:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>Versions from 10.0.0(inclusive) to 10.4.11(exclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>Versions from 10.0.0(inclusive) to 10.4.11(exclusive)
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-252Primarynvd@nist.gov
CWE-252Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-252
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-252
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

Organization : Red Hat
Last Modified : 2007-07-31T00:00:00

This issue does not affect the version of tcpdump shipped in Red Hat Enterprise Linux 2.1 or 3. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250275 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/

References
HyperlinkSourceResource
http://bugs.gentoo.org/show_bug.cgi?id=184815cve@mitre.org
Third Party Advisory
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12cve@mitre.org
Broken Link
http://docs.info.apple.com/article.html?artnum=307179cve@mitre.org
Broken Link
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.htmlcve@mitre.org
Mailing List
http://secunia.com/advisories/26135cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26168cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26223cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26231cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26263cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26266cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26286cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26395cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26404cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26521cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/27580cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/28136cve@mitre.org
Broken Link
Vendor Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asccve@mitre.org
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200707-14.xmlcve@mitre.org
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313cve@mitre.org
Mailing List
Patch
http://www.debian.org/security/2007/dsa-1353cve@mitre.org
Third Party Advisory
http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.ccve@mitre.org
Exploit
http://www.mandriva.com/security/advisories?name=MDKSA-2007:148cve@mitre.org
Third Party Advisory
http://www.novell.com/linux/security/advisories/2007_16_sr.htmlcve@mitre.org
Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0368.htmlcve@mitre.org
Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0387.htmlcve@mitre.org
Broken Link
Vendor Advisory
http://www.securityfocus.com/archive/1/474225/100/0/threadedcve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/24965cve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1018434cve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.trustix.org/errata/2007/0023/cve@mitre.org
Broken Link
http://www.turbolinux.com/security/2007/TLSA-2007-46.txtcve@mitre.org
Broken Link
http://www.ubuntu.com/usn/usn-492-1cve@mitre.org
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-352A.htmlcve@mitre.org
Broken Link
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2007/2578cve@mitre.org
Broken Link
Vendor Advisory
http://www.vupen.com/english/advisories/2007/4238cve@mitre.org
Broken Link
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771cve@mitre.org
Broken Link
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=184815
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://docs.info.apple.com/article.html?artnum=307179
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: http://secunia.com/advisories/26135
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26168
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26223
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26231
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26263
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26266
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26286
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26395
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26404
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26521
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/27580
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28136
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200707-14.xml
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: http://www.debian.org/security/2007/dsa-1353
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:148
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.novell.com/linux/security/advisories/2007_16_sr.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0368.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0387.html
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/474225/100/0/threaded
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/24965
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1018434
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.trustix.org/errata/2007/0023/
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.turbolinux.com/security/2007/TLSA-2007-46.txt
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.ubuntu.com/usn/usn-492-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2007/2578
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2007/4238
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771
Source: cve@mitre.org
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

4162Records found

CVE-2021-21204
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.40% / 79.66%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:25
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCApple Inc.Fedora ProjectDebian GNU/Linux
Product-chromedebian_linuxfedoramac_os_xChrome
CWE ID-CWE-416
Use After Free
CVE-2021-21159
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.69% / 81.47%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 17:46
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-21039
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-13.79% / 94.03%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 19:42
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2018-20545
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.96% / 82.73%
||
7 Day CHG~0.00%
Published-28 Dec, 2018 | 03:00
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.

Action-Not Available
Vendor-libcaca_projectn/aCanonical Ltd.openSUSEFedora Project
Product-ubuntu_linuxfedoralibcacaleapn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-21900
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.29% / 51.49%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 00:00
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librecadn/aDebian GNU/LinuxFedora Project
Product-libdxfrwdebian_linuxfedoraLibreCAD
CWE ID-CWE-416
Use After Free
CVE-2021-21855
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.31% / 53.75%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 12:47
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-gpacdebian_linuxGPAC
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2941
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-27.68% / 96.26%
||
7 Day CHG~0.00%
Published-05 Nov, 2010 | 16:28
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

Action-Not Available
Vendor-n/aSUSEDebian GNU/LinuxCanonical Ltd.Fedora ProjectRed Hat, Inc.openSUSEApple Inc.
Product-ubuntu_linuxenterprise_linuxfedoradebian_linuxopensuselinux_enterpriselinux_enterprise_serverenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopcupsmac_os_xmac_os_x_servern/a
CWE ID-CWE-416
Use After Free
CVE-2010-3793
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.06% / 76.73%
||
7 Day CHG~0.00%
Published-16 Nov, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimemac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3794
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.06% / 76.73%
||
7 Day CHG~0.00%
Published-16 Nov, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3788
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.06% / 76.73%
||
7 Day CHG~0.00%
Published-16 Nov, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimemac_os_xmac_os_x_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3844
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.11%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 21:47
Updated-07 Aug, 2024 | 03:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.

Action-Not Available
Vendor-ettercap-projectettercapDebian GNU/Linux
Product-debian_linuxettercapettercap
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-17539
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.60% / 68.42%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 01:09
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxFFmpeg
Product-ubuntu_linuxffmpegdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-21226
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-1.35% / 79.30%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:56
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-21191
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.99% / 75.92%
||
7 Day CHG~0.00%
Published-16 Mar, 2021 | 14:10
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2018-20762
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.43%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 23:00
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GPAC
Product-gpacubuntu_linuxdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-20750
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.19% / 91.86%
||
7 Day CHG~0.00%
Published-30 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.
Product-simatic_itc1500_pro_firmwareubuntu_linuxdebian_linuxsimatic_itc1500_prosimatic_itc1500simatic_itc1900simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prosimatic_itc2200_pro_firmwarelibvncserversimatic_itc1900_prosimatic_itc2200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-9381
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.71% / 71.35%
||
7 Day CHG~0.00%
Published-03 Sep, 2019 | 04:52
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.

Action-Not Available
Vendor-freetypen/aDebian GNU/Linux
Product-freetypedebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-21041
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-13.79% / 94.03%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 19:42
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2018-20506
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-17.97% / 94.90%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:50
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

Action-Not Available
Vendor-sqliten/aopenSUSEMicrosoft CorporationApple Inc.
Product-itunesiphone_oswatchostvossqlitemac_os_xwindowsicloudleapn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-8955
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-14.21% / 94.12%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 21:58
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).

Action-Not Available
Vendor-weechatn/aDebian GNU/LinuxopenSUSEFedora Project
Product-debian_linuxfedoraweechatbackports_sleleapn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-21850
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.28%
||
7 Day CHG~0.00%
Published-25 Aug, 2021 | 18:26
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-gpacdebian_linuxGPAC Project
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-19541
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.25% / 78.50%
||
7 Day CHG~0.00%
Published-26 Nov, 2018 | 03:00
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSEJasPerDebian GNU/Linux
Product-ubuntu_linuxlinux_enterprise_serverdebian_linuxlinux_enterprise_desktopjaspern/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-21854
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.31% / 53.75%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 12:47
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-gpacdebian_linuxGPAC
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-19216
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.12%
||
7 Day CHG-0.01%
Published-12 Nov, 2018 | 19:00
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.

Action-Not Available
Vendor-nasmn/aDebian GNU/Linux
Product-debian_linuxnetwide_assemblern/a
CWE ID-CWE-416
Use After Free
CVE-2015-8812
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.95% / 91.72%
||
7 Day CHG~0.00%
Published-27 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.

Action-Not Available
Vendor-n/aNovellLinux Kernel Organization, IncCanonical Ltd.
Product-suse_linux_enterprise_real_time_extensionlinux_kernelubuntu_linuxn/a
CVE-2021-21843
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.42%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 12:33
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. After validating the number of ranges, at [41] the library will multiply the count by the size of the GF_SubsegmentRangeInfo structure. On a 32-bit platform, this multiplication can result in an integer overflow causing the space of the array being allocated to be less than expected. An attacker can convince a user to open a video to trigger this vulnerability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-gpacdebian_linuxGPAC
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-21772
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-3.75% / 87.56%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 00:00
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-3mfn/aDebian GNU/LinuxFedora Project
Product-lib3mfdebian_linuxfedora3MF
CWE ID-CWE-416
Use After Free
CVE-2010-2497
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.09% / 83.32%
||
7 Day CHG~0.00%
Published-19 Aug, 2010 | 17:43
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Action-Not Available
Vendor-freetypen/aDebian GNU/LinuxApple Inc.
Product-debian_linuxmac_os_xfreetypen/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2019-16459
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.82% / 89.09%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 14:56
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2018-18342
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.00% / 82.89%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-2500
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.65% / 85.18%
||
7 Day CHG~0.00%
Published-19 Aug, 2010 | 17:43
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Action-Not Available
Vendor-freetypen/aCanonical Ltd.Apple Inc.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmac_os_xfreetypen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-2527
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.33% / 84.20%
||
7 Day CHG~0.00%
Published-19 Aug, 2010 | 17:43
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Action-Not Available
Vendor-freetypen/aDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxfreetypen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2010-2498
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.65% / 85.18%
||
7 Day CHG~0.00%
Published-19 Aug, 2010 | 17:43
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.

Action-Not Available
Vendor-freetypen/aCanonical Ltd.Apple Inc.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmac_os_xfreetypen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8365
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.62% / 69.26%
||
7 Day CHG~0.00%
Published-26 Nov, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data.

Action-Not Available
Vendor-n/aFFmpegCanonical Ltd.
Product-ffmpegubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-21847
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.30% / 53.10%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 12:25
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stts” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-gpacdebian_linuxGPAC
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2519
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-4.52% / 88.72%
||
7 Day CHG~0.00%
Published-19 Aug, 2010 | 17:43
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.

Action-Not Available
Vendor-freetypen/aCanonical Ltd.Apple Inc.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmac_os_xfreetypen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-18338
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-debian_linuxchromelinux_workstationlinux_serverlinux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21180
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.28% / 78.78%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 17:46
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2010-2806
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-9.38% / 92.47%
||
7 Day CHG~0.00%
Published-19 Aug, 2010 | 17:43
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.

Action-Not Available
Vendor-freetypen/aCanonical Ltd.Apple Inc.
Product-ubuntu_linuxfreetypeiphone_ostvosmac_os_xn/a
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2010-2805
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-5.63% / 89.98%
||
7 Day CHG~0.00%
Published-19 Aug, 2010 | 17:43
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Action-Not Available
Vendor-freetypen/aCanonical Ltd.Apple Inc.
Product-ubuntu_linuxfreetypeiphone_ostvosmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21028
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-20.30% / 95.30%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 19:42
Updated-17 Sep, 2024 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2015-7105
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.53% / 84.85%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7984
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.48% / 80.24%
||
7 Day CHG~0.00%
Published-19 Nov, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.

Action-Not Available
Vendor-n/aDebian GNU/LinuxHorde LLC
Product-groupwaredebian_linuxhorde_application_frameworkn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-16448
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.82% / 89.09%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 14:37
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcmacoswindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2015-6993
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.87% / 82.33%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6995
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-10.59% / 92.98%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2499
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.38% / 86.89%
||
7 Day CHG~0.00%
Published-19 Aug, 2010 | 17:43
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.

Action-Not Available
Vendor-freetypen/aCanonical Ltd.Apple Inc.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmac_os_xfreetypen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2010-2541
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.21% / 86.52%
||
7 Day CHG~0.00%
Published-19 Aug, 2010 | 17:43
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Action-Not Available
Vendor-freetypen/aCanonical Ltd.
Product-ubuntu_linuxfreetypen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2010-2067
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.80% / 85.56%
||
7 Day CHG~0.00%
Published-23 Jun, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.

Action-Not Available
Vendor-n/aLibTIFFCanonical Ltd.
Product-ubuntu_linuxlibtiffn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-21861
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.28%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 19:07
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-gpacdebian_linuxGPAC Project
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 83
  • 84
  • Next
Details not found