Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-5503

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-30 Nov, 2007 | 01:00
Updated At-07 Aug, 2024 | 15:31
Rejected At-
Credits

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:30 Nov, 2007 | 01:00
Updated At:07 Aug, 2024 | 15:31
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://issues.rpath.com/browse/RPL-1966
x_refsource_CONFIRM
https://usn.ubuntu.com/550-2/
vendor-advisory
x_refsource_UBUNTU
http://security.gentoo.org/glsa/glsa-201209-25.xml
vendor-advisory
x_refsource_GENTOO
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
x_refsource_CONFIRM
http://secunia.com/advisories/28529
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/28555
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/27985
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/27880
third-party-advisory
x_refsource_SECUNIA
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0015
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=387431
x_refsource_CONFIRM
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.362119
vendor-advisory
x_refsource_SLACKWARE
http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=e49bcde27f88e21d5b8037a0089a226096f6514b
x_refsource_CONFIRM
http://www.debian.org/security/2008/dsa-1542
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/28289
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/support/server/doc/releasenotes_server.html
x_refsource_CONFIRM
http://secunia.com/advisories/28476
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/27887
third-party-advisory
x_refsource_SECUNIA
http://bugs.gentoo.org/show_bug.cgi?id=201860
x_refsource_MISC
http://www.securityfocus.com/bid/26650
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/38771
vdb-entry
x_refsource_XF
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
x_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-200712-24.xml
vendor-advisory
x_refsource_GENTOO
http://www.mandriva.com/security/advisories?name=MDVSA-2008:019
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/27819
third-party-advisory
x_refsource_SECUNIA
https://usn.ubuntu.com/550-1/
vendor-advisory
x_refsource_UBUNTU
http://bugs.gentoo.org/show_bug.cgi?id=200350
x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00630.html
vendor-advisory
x_refsource_FEDORA
http://security.gentoo.org/glsa/glsa-200712-04.xml
vendor-advisory
x_refsource_GENTOO
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/4045
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/archive/1/495869/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/31711
third-party-advisory
x_refsource_SECUNIA
http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff_plain%3Bh=6020f67f1a49cfe3844c4938d4af24c63c8424cc%3Bhp=c79fc9af334fd6f2d1078071d64178125561b187
x_refsource_CONFIRM
http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360
x_refsource_CONFIRM
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
mailing-list
x_refsource_FULLDISC
http://secunia.com/advisories/31707
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11251
vdb-entry
signature
x_refsource_OVAL
http://www.securitytracker.com/id?1019027
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/28838
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/27775
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/29767
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/486405/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://rhn.redhat.com/errata/RHSA-2007-1078.html
vendor-advisory
x_refsource_REDHAT
http://www.vupen.com/english/advisories/2008/2466
vdb-entry
x_refsource_VUPEN
Hyperlink: https://issues.rpath.com/browse/RPL-1966
Resource:
x_refsource_CONFIRM
Hyperlink: https://usn.ubuntu.com/550-2/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://security.gentoo.org/glsa/glsa-201209-25.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2008-0014.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/28529
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/28555
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/27985
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/27880
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0015
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=387431
Resource:
x_refsource_CONFIRM
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.362119
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=e49bcde27f88e21d5b8037a0089a226096f6514b
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2008/dsa-1542
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/28289
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vmware.com/support/server/doc/releasenotes_server.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/28476
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/27887
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=201860
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/26650
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/38771
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200712-24.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:019
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/27819
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://usn.ubuntu.com/550-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=200350
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00630.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://security.gentoo.org/glsa/glsa-200712-04.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2007/4045
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/archive/1/495869/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/31711
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff_plain%3Bh=6020f67f1a49cfe3844c4938d4af24c63c8424cc%3Bhp=c79fc9af334fd6f2d1078071d64178125561b187
Resource:
x_refsource_CONFIRM
Hyperlink: http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://secunia.com/advisories/31707
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11251
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.securitytracker.com/id?1019027
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/28838
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/27775
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/29767
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/486405/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://rhn.redhat.com/errata/RHSA-2007-1078.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vupen.com/english/advisories/2008/2466
Resource:
vdb-entry
x_refsource_VUPEN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://issues.rpath.com/browse/RPL-1966
x_refsource_CONFIRM
x_transferred
https://usn.ubuntu.com/550-2/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://security.gentoo.org/glsa/glsa-201209-25.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/28529
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/28555
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/27985
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/27880
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0015
x_refsource_CONFIRM
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=387431
x_refsource_CONFIRM
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.362119
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=e49bcde27f88e21d5b8037a0089a226096f6514b
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2008/dsa-1542
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/28289
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vmware.com/support/server/doc/releasenotes_server.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/28476
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/27887
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://bugs.gentoo.org/show_bug.cgi?id=201860
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/26650
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/38771
vdb-entry
x_refsource_XF
x_transferred
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
x_refsource_CONFIRM
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200712-24.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:019
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/27819
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://usn.ubuntu.com/550-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://bugs.gentoo.org/show_bug.cgi?id=200350
x_refsource_CONFIRM
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00630.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://security.gentoo.org/glsa/glsa-200712-04.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2007/4045
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/archive/1/495869/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/31711
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff_plain%3Bh=6020f67f1a49cfe3844c4938d4af24c63c8424cc%3Bhp=c79fc9af334fd6f2d1078071d64178125561b187
x_refsource_CONFIRM
x_transferred
http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360
x_refsource_CONFIRM
x_transferred
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
mailing-list
x_refsource_FULLDISC
x_transferred
http://secunia.com/advisories/31707
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11251
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.securitytracker.com/id?1019027
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/28838
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/27775
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/29767
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/486405/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://rhn.redhat.com/errata/RHSA-2007-1078.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vupen.com/english/advisories/2008/2466
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://issues.rpath.com/browse/RPL-1966
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://usn.ubuntu.com/550-2/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-201209-25.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2008-0014.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/28529
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/28555
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/27985
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/27880
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0015
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=387431
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.362119
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=e49bcde27f88e21d5b8037a0089a226096f6514b
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2008/dsa-1542
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/28289
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vmware.com/support/server/doc/releasenotes_server.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/28476
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/27887
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=201860
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/26650
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/38771
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200712-24.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:019
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/27819
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://usn.ubuntu.com/550-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=200350
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00630.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200712-04.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/4045
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/495869/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/31711
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff_plain%3Bh=6020f67f1a49cfe3844c4938d4af24c63c8424cc%3Bhp=c79fc9af334fd6f2d1078071d64178125561b187
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://secunia.com/advisories/31707
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11251
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.securitytracker.com/id?1019027
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/28838
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/27775
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/29767
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/486405/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2007-1078.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/2466
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:30 Nov, 2007 | 01:46
Updated At:13 Feb, 2023 | 02:18

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Red Hat, Inc.
redhat
>>cairo>>Versions up to 1.4.10(inclusive)
cpe:2.3:a:redhat:cairo:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bugs.gentoo.org/show_bug.cgi?id=200350secalert@redhat.com
N/A
http://bugs.gentoo.org/show_bug.cgi?id=201860secalert@redhat.com
N/A
http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360secalert@redhat.com
N/A
http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=e49bcde27f88e21d5b8037a0089a226096f6514bsecalert@redhat.com
N/A
http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff_plain%3Bh=6020f67f1a49cfe3844c4938d4af24c63c8424cc%3Bhp=c79fc9af334fd6f2d1078071d64178125561b187secalert@redhat.com
N/A
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2007-1078.htmlsecalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/27775secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27819secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27880secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27887secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27985secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28289secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28476secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28529secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28555secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28838secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/29767secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/31707secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/31711secalert@redhat.com
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200712-04.xmlsecalert@redhat.com
N/A
http://security.gentoo.org/glsa/glsa-201209-25.xmlsecalert@redhat.com
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.362119secalert@redhat.com
N/A
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0015secalert@redhat.com
N/A
http://www.debian.org/security/2008/dsa-1542secalert@redhat.com
N/A
http://www.gentoo.org/security/en/glsa/glsa-200712-24.xmlsecalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:019secalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/486405/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/495869/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/26650secalert@redhat.com
N/A
http://www.securitytracker.com/id?1019027secalert@redhat.com
N/A
http://www.vmware.com/security/advisories/VMSA-2008-0014.htmlsecalert@redhat.com
N/A
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlsecalert@redhat.com
N/A
http://www.vmware.com/support/server/doc/releasenotes_server.htmlsecalert@redhat.com
N/A
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlsecalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2007/4045secalert@redhat.com
Vendor Advisory
http://www.vupen.com/english/advisories/2008/2466secalert@redhat.com
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=387431secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/38771secalert@redhat.com
N/A
https://issues.rpath.com/browse/RPL-1966secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11251secalert@redhat.com
N/A
https://usn.ubuntu.com/550-1/secalert@redhat.com
N/A
https://usn.ubuntu.com/550-2/secalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00630.htmlsecalert@redhat.com
N/A
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=200350
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=201860
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff%3Bh=e49bcde27f88e21d5b8037a0089a226096f6514b
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://gitweb.freedesktop.org/?p=cairo%3Ba=commitdiff_plain%3Bh=6020f67f1a49cfe3844c4938d4af24c63c8424cc%3Bhp=c79fc9af334fd6f2d1078071d64178125561b187
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2007-1078.html
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/27775
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/27819
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/27880
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/27887
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/27985
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28289
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28476
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28529
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28555
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28838
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/29767
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/31707
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/31711
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200712-04.xml
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-201209-25.xml
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.362119
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0015
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1542
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200712-24.xml
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:019
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/486405/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/495869/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/26650
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1019027
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2008-0014.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vmware.com/support/server/doc/releasenotes_server.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2007/4045
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2008/2466
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=387431
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/38771
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-1966
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11251
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://usn.ubuntu.com/550-1/
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://usn.ubuntu.com/550-2/
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00630.html
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

528Records found
CVE-2006-4811
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-17.40% / 94.80%
||
7 Day CHG~0.00%
Published-18 Oct, 2006 | 17:00
Updated-07 Aug, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.

Action-Not Available
Vendor-qtn/aRed Hat, Inc.
Product-kdelibsqtn/a
CWE ID-CWE-189
Not Available
CVE-2008-1420
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-6.46% / 90.69%
||
7 Day CHG~0.00%
Published-16 May, 2008 | 06:54
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.

Action-Not Available
Vendor-xiph.orgn/aRed Hat, Inc.
Product-libvorbislinux_advanced_workstationenterprise_linuxn/a
CWE ID-CWE-189
Not Available
CVE-2009-0577
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.15% / 86.36%
||
7 Day CHG~0.00%
Published-20 Feb, 2009 | 19:00
Updated-07 Aug, 2024 | 04:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2008-3640.

Action-Not Available
Vendor-n/aRed Hat, Inc.Apple Inc.
Product-cupsenterprise_linuxn/a
CWE ID-CWE-189
Not Available
CVE-2008-1552
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-6.73% / 90.89%
||
7 Day CHG~0.00%
Published-31 Mar, 2008 | 17:00
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.

Action-Not Available
Vendor-silcn/aRed Hat, Inc.
Product-silc_clientsilc_serversilc_toolkitfedorasilcn/a
CWE ID-CWE-189
Not Available
CVE-2008-0073
Matching Score-10
Assigner-Flexera Software LLC
ShareView Details
Matching Score-10
Assigner-Flexera Software LLC
CVSS Score-6.8||MEDIUM
EPSS-2.71% / 85.32%
||
7 Day CHG~0.00%
Published-24 Mar, 2008 | 22:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

Action-Not Available
Vendor-xinen/aRed Hat, Inc.
Product-fedoraxine-libn/a
CWE ID-CWE-189
Not Available
CVE-2013-5870
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.98% / 75.79%
||
7 Day CHG~0.00%
Published-15 Jan, 2014 | 00:30
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

Action-Not Available
Vendor-n/aRed Hat, Inc.Oracle CorporationHP Inc.
Product-enterprise_linux_workstation_supplementaryjavafxenterprise_linux_server_supplementaryenterprise_linux_server_supplementary_aushp-uxenterprise_linux_hpc_node_supplementaryjdkenterprise_linux_server_supplementary_eusjreenterprise_linux_desktop_supplementaryn/a
CVE-2013-5904
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.96% / 75.50%
||
7 Day CHG~0.00%
Published-15 Jan, 2014 | 01:33
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

Action-Not Available
Vendor-n/aRed Hat, Inc.Oracle CorporationHP Inc.
Product-enterprise_linux_workstation_supplementaryenterprise_linux_server_supplementaryenterprise_linux_server_supplementary_aushp-uxenterprise_linux_hpc_node_supplementaryjdkenterprise_linux_server_supplementary_eusjreenterprise_linux_desktop_supplementaryn/a
CVE-2017-7752
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.88% / 74.37%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2017-7846
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.35% / 79.31%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverthunderbirddebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopThunderbird
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2019-5771
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.53% / 80.54%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Fedora ProjectGoogle LLC
Product-enterprise_linux_serverchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CVE-2019-5770
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.13% / 77.42%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-7814
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.34%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverthunderbirddebian_linuxenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopFirefoxFirefox ESRThunderbird
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7798
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-2.92% / 85.86%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopFirefoxFirefox ESR
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-5760
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.53% / 80.55%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5077
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Skia in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5036
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.8||HIGH
EPSS-0.28% / 50.91%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android
CWE ID-CWE-416
Use After Free
CVE-2017-5073
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android
CWE ID-CWE-416
Use After Free
CVE-2017-5114
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.48% / 80.23%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 61.0.3163.79 for Linux, Windows and Mac, and 61.0.3163.81 for Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5332
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.36%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 20:24
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

Action-Not Available
Vendor-icoutils_projectCanonical Ltd.Red Hat, Inc.openSUSEDebian GNU/Linux
Product-ubuntu_linuxicoutilsdebian_linuxenterprise_linux_server_eusopensuseenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_server_tusenterprise_linux_desktopleapicoutils
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5057
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.84% / 73.75%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2017-5436
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.03% / 76.43%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-silDebian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxgraphite2enterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5088
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 59.0.3071.104 for Mac, Windows and Linux, and 59.0.3071.117 for Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5030
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-63.05% / 98.32%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 23:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||Apply updates per vendor instructions.

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Red Hat, Inc.Google LLCLinux Kernel Organization, IncDebian GNU/Linux
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 57.0.2987.98 for Linux, Windows and Mac, and 57.0.2987.108 for AndroidChromium V8
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5091
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.10% / 77.10%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 60.0.3112.78 for Linux, Android, Windows and Mac
CWE ID-CWE-416
Use After Free
CVE-2017-5108
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.84% / 73.75%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2017-5038
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.3||MEDIUM
EPSS-0.94% / 75.31%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kerneldebian_linuxenterprise_linux_servermacoswindowsGoogle Chrome prior to 57.0.2987.98 for Linux, Windows and Mac
CWE ID-CWE-416
Use After Free
CVE-2017-5062
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.98% / 75.88%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android
CWE ID-CWE-416
Use After Free
CVE-2017-5054
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.73%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 57.0.2987.133 for Linux, Windows and Mac, and 57.0.2987.132 for Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5095
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.59% / 80.88%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kerneldebian_linuxenterprise_linux_servermacoswindowsGoogle Chrome prior to 60.0.3112.78 for Linux, Windows and Mac
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5039
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.8||HIGH
EPSS-0.28% / 50.91%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android
CWE ID-CWE-416
Use After Free
CVE-2017-5059
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.49% / 84.70%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2017-5111
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.48% / 80.23%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelenterprise_linux_serverdebian_linuxmacoswindowsGoogle Chrome prior to 61.0.3163.79 for Linux, Windows and Mac
CWE ID-CWE-416
Use After Free
CVE-2017-5121
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-3.64% / 87.38%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kerneldebian_linuxenterprise_linux_servermacoswindowsGoogle Chrome prior to 61.0.3163.100 for Linux, Windows and Mac
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5208
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.23%
||
7 Day CHG~0.00%
Published-22 Aug, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.

Action-Not Available
Vendor-icoutils_projectn/aRed Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationicoutilsenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_linux_server_ausn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-5044
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.3||MEDIUM
EPSS-1.06% / 76.74%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5098
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-3.37% / 86.85%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android
CWE ID-CWE-416
Use After Free
CVE-2017-5113
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.26% / 78.61%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5063
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-5762
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.54% / 84.87%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-5772
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6116
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-64.62% / 98.39%
||
7 Day CHG~0.00%
Published-19 Mar, 2019 | 18:27
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.openSUSEFedora ProjectArtifex Software Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusghostscriptenterprise_linux_server_ausenterprise_linux_workstationfedoraenterprise_linux_server_tusenterprise_linux_desktopleapn/a
CVE-2019-5758
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5764
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.53% / 80.55%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5761
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.25% / 78.50%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Fedora ProjectGoogle LLC
Product-enterprise_linux_serverchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5763
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-5759
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Apple Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeandroidenterprise_linux_workstationfedoramacosenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CVE-2013-4405
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 33.75%
||
7 Day CHG~0.00%
Published-23 Dec, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_mrgn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-5756
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.54% / 84.87%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CVE-2019-5757
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2013-4486
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.60% / 68.40%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 14:43
Updated-06 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging

Action-Not Available
Vendor-ZanataLinux Kernel Organization, IncRed Hat, Inc.
Product-zanatalinux_kernelZanata
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found