Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-1372

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 Mar, 2008 | 21:00
Updated At-07 Aug, 2024 | 08:17
Rejected At-
Credits

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 Mar, 2008 | 21:00
Updated At:07 Aug, 2024 | 08:17
Rejected At:
▼CVE Numbering Authority (CNA)

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://support.apple.com/kb/HT3757
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/41249
vdb-entry
x_refsource_XF
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
vendor-advisory
x_refsource_SUSE
http://www.bzip.org/CHANGES
x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1
vendor-advisory
x_refsource_SUNALERT
http://secunia.com/advisories/36096
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html
vendor-advisory
x_refsource_FEDORA
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
vendor-advisory
x_refsource_NETBSD
http://www.securityfocus.com/archive/1/498863/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2008/2557
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/31878
third-party-advisory
x_refsource_SECUNIA
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263
vendor-advisory
x_refsource_SLACKWARE
http://secunia.com/advisories/31869
third-party-advisory
x_refsource_SECUNIA
http://www.securitytracker.com/id?1020867
vdb-entry
x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2008-0893.html
vendor-advisory
x_refsource_REDHAT
http://kb.vmware.com/kb/1007504
x_refsource_CONFIRM
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
x_refsource_MISC
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
vendor-advisory
x_refsource_APPLE
http://www.kb.cert.org/vuls/id/813451
third-party-advisory
x_refsource_CERT-VN
https://bugs.gentoo.org/attachment.cgi?id=146488&action=view
x_refsource_CONFIRM
http://kb.vmware.com/kb/1007198
x_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml
vendor-advisory
x_refsource_GENTOO
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html
vendor-advisory
x_refsource_FEDORA
http://kb.vmware.com/kb/1006982
x_refsource_CONFIRM
http://www.ipcop.org/index.php?name=News&file=article&sid=40
x_refsource_CONFIRM
http://secunia.com/advisories/29656
third-party-advisory
x_refsource_SECUNIA
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118
x_refsource_CONFIRM
http://secunia.com/advisories/29475
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/29698
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/29497
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/29940
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/489968/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467
vdb-entry
signature
x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067
vdb-entry
signature
x_refsource_OVAL
http://security.gentoo.org/glsa/glsa-200903-40.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/31204
third-party-advisory
x_refsource_SECUNIA
https://usn.ubuntu.com/590-1/
vendor-advisory
x_refsource_UBUNTU
http://www.mandriva.com/security/advisories?name=MDVSA-2008:075
vendor-advisory
x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2008/0915
vdb-entry
x_refsource_VUPEN
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
x_refsource_MISC
http://secunia.com/advisories/29506
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2172
vdb-entry
x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
third-party-advisory
x_refsource_CERT
http://www.securityfocus.com/bid/28286
vdb-entry
x_refsource_BID
http://secunia.com/advisories/29410
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/29677
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://support.apple.com/kb/HT3757
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/41249
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.bzip.org/CHANGES
Resource:
x_refsource_CONFIRM
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://secunia.com/advisories/36096
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
Resource:
vendor-advisory
x_refsource_NETBSD
Hyperlink: http://www.securityfocus.com/archive/1/498863/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.vupen.com/english/advisories/2008/2557
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/31878
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://secunia.com/advisories/31869
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securitytracker.com/id?1020867
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0893.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://kb.vmware.com/kb/1007504
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
Resource:
x_refsource_MISC
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.kb.cert.org/vuls/id/813451
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: https://bugs.gentoo.org/attachment.cgi?id=146488&action=view
Resource:
x_refsource_CONFIRM
Hyperlink: http://kb.vmware.com/kb/1007198
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://kb.vmware.com/kb/1006982
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ipcop.org/index.php?name=News&file=article&sid=40
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/29656
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/29475
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/29698
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/29497
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/29940
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/489968/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://security.gentoo.org/glsa/glsa-200903-40.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/31204
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://usn.ubuntu.com/590-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:075
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.vupen.com/english/advisories/2008/0915
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/29506
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/2172
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-218A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://www.securityfocus.com/bid/28286
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/29410
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/29677
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://support.apple.com/kb/HT3757
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/41249
vdb-entry
x_refsource_XF
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.bzip.org/CHANGES
x_refsource_CONFIRM
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://secunia.com/advisories/36096
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html
vendor-advisory
x_refsource_FEDORA
x_transferred
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
vendor-advisory
x_refsource_NETBSD
x_transferred
http://www.securityfocus.com/archive/1/498863/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.vupen.com/english/advisories/2008/2557
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/31878
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://secunia.com/advisories/31869
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securitytracker.com/id?1020867
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0893.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://kb.vmware.com/kb/1007504
x_refsource_CONFIRM
x_transferred
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
x_refsource_MISC
x_transferred
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.kb.cert.org/vuls/id/813451
third-party-advisory
x_refsource_CERT-VN
x_transferred
https://bugs.gentoo.org/attachment.cgi?id=146488&action=view
x_refsource_CONFIRM
x_transferred
http://kb.vmware.com/kb/1007198
x_refsource_CONFIRM
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://kb.vmware.com/kb/1006982
x_refsource_CONFIRM
x_transferred
http://www.ipcop.org/index.php?name=News&file=article&sid=40
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/29656
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/29475
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/29698
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/29497
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/29940
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/489968/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://security.gentoo.org/glsa/glsa-200903-40.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/31204
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://usn.ubuntu.com/590-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:075
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.vupen.com/english/advisories/2008/0915
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
x_refsource_MISC
x_transferred
http://secunia.com/advisories/29506
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2009/2172
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://www.securityfocus.com/bid/28286
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/29410
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/29677
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://support.apple.com/kb/HT3757
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/41249
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.bzip.org/CHANGES
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://secunia.com/advisories/36096
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
Resource:
vendor-advisory
x_refsource_NETBSD
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/498863/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/2557
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/31878
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://secunia.com/advisories/31869
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1020867
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0893.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://kb.vmware.com/kb/1007504
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/813451
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: https://bugs.gentoo.org/attachment.cgi?id=146488&action=view
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://kb.vmware.com/kb/1007198
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://kb.vmware.com/kb/1006982
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ipcop.org/index.php?name=News&file=article&sid=40
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/29656
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/29475
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/29698
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/29497
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/29940
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/489968/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200903-40.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/31204
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://usn.ubuntu.com/590-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:075
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/0915
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/29506
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/2172
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-218A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/28286
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/29410
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/29677
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 Mar, 2008 | 21:44
Updated At:11 Oct, 2018 | 20:32

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
bzip
bzip
>>bzip2>>0.9
cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:*
bzip
bzip
>>bzip2>>0.9.5a
cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*
bzip
bzip
>>bzip2>>0.9.5b
cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*
bzip
bzip
>>bzip2>>0.9.5c
cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*
bzip
bzip
>>bzip2>>0.9.5d
cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*
bzip
bzip
>>bzip2>>0.9_a
cpe:2.3:a:bzip:bzip2:0.9_a:*:*:*:*:*:*:*
bzip
bzip
>>bzip2>>0.9_b
cpe:2.3:a:bzip:bzip2:0.9_b:*:*:*:*:*:*:*
bzip
bzip
>>bzip2>>0.9_c
cpe:2.3:a:bzip:bzip2:0.9_c:*:*:*:*:*:*:*
bzip
bzip
>>bzip2>>1.0
cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*
bzip
bzip
>>bzip2>>1.0.1
cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*
bzip
bzip
>>bzip2>>1.0.2
cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*
bzip
bzip
>>bzip2>>1.0.3
cpe:2.3:a:bzip:bzip2:1.0.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2008-10-17T00:00:00

Red Hat has re-evaluated the potential impact of this flaw and has released an update which corrects this behavior: http://rhn.redhat.com/errata/RHSA-2008-0893.html

References
HyperlinkSourceResource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asccve@mitre.org
N/A
http://kb.vmware.com/kb/1006982cve@mitre.org
N/A
http://kb.vmware.com/kb/1007198cve@mitre.org
N/A
http://kb.vmware.com/kb/1007504cve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.htmlcve@mitre.org
N/A
http://secunia.com/advisories/29410cve@mitre.org
N/A
http://secunia.com/advisories/29475cve@mitre.org
N/A
http://secunia.com/advisories/29497cve@mitre.org
N/A
http://secunia.com/advisories/29506cve@mitre.org
N/A
http://secunia.com/advisories/29656cve@mitre.org
N/A
http://secunia.com/advisories/29677cve@mitre.org
N/A
http://secunia.com/advisories/29698cve@mitre.org
N/A
http://secunia.com/advisories/29940cve@mitre.org
N/A
http://secunia.com/advisories/31204cve@mitre.org
N/A
http://secunia.com/advisories/31869cve@mitre.org
N/A
http://secunia.com/advisories/31878cve@mitre.org
N/A
http://secunia.com/advisories/36096cve@mitre.org
N/A
http://security.gentoo.org/glsa/glsa-200903-40.xmlcve@mitre.org
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1cve@mitre.org
N/A
http://support.apple.com/kb/HT3757cve@mitre.org
N/A
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118cve@mitre.org
N/A
http://www.bzip.org/CHANGEScve@mitre.org
N/A
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.htmlcve@mitre.org
N/A
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/cve@mitre.org
N/A
http://www.gentoo.org/security/en/glsa/glsa-200804-02.xmlcve@mitre.org
N/A
http://www.ipcop.org/index.php?name=News&file=article&sid=40cve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/813451cve@mitre.org
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2008:075cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2008-0893.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/489968/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/498863/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/28286cve@mitre.org
Exploit
http://www.securitytracker.com/id?1020867cve@mitre.org
N/A
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263cve@mitre.org
N/A
http://www.us-cert.gov/cas/techalerts/TA09-218A.htmlcve@mitre.org
US Government Resource
http://www.vupen.com/english/advisories/2008/0915cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2008/2557cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/2172cve@mitre.org
N/A
https://bugs.gentoo.org/attachment.cgi?id=146488&action=viewcve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/41249cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467cve@mitre.org
N/A
https://usn.ubuntu.com/590-1/cve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.htmlcve@mitre.org
N/A
Hyperlink: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://kb.vmware.com/kb/1006982
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://kb.vmware.com/kb/1007198
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://kb.vmware.com/kb/1007504
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/29410
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/29475
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/29497
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/29506
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/29656
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/29677
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/29698
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/29940
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/31204
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/31869
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/31878
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36096
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200903-40.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3757
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.bzip.org/CHANGES
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ipcop.org/index.php?name=News&file=article&sid=40
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/813451
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:075
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0893.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/489968/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/498863/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/28286
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.securitytracker.com/id?1020867
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-218A.html
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2008/0915
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/2557
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/2172
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugs.gentoo.org/attachment.cgi?id=146488&action=view
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/41249
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/590-1/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

507Records found
CVE-2016-5321
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 39.06%
||
7 Day CHG~0.00%
Published-20 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.

Action-Not Available
Vendor-n/aopenSUSELibTIFF
Product-opensuselibtiffn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-6207
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-5.02% / 89.32%
||
7 Day CHG~0.00%
Published-12 Aug, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.

Action-Not Available
Vendor-libgdn/aThe PHP GroupDebian GNU/LinuxopenSUSE
Product-libgddebian_linuxleapphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-6416
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.89% / 74.56%
||
7 Day CHG~0.00%
Published-05 Oct, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-web_security_applianceemail_security_appliancecontent_security_management_appliancen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5319
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.20% / 78.11%
||
7 Day CHG~0.00%
Published-20 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5315
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.55% / 80.70%
||
7 Day CHG~0.00%
Published-21 Feb, 2018 | 16:00
Updated-06 Aug, 2024 | 06:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.

Action-Not Available
Vendor-w1.fin/aDebian GNU/Linux
Product-wpa_supplicantdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4528
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5||MEDIUM
EPSS-0.14% / 34.78%
||
7 Day CHG~0.00%
Published-25 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccessn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4796
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.58%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.

Action-Not Available
Vendor-uclouvainn/aFedora Project
Product-fedoraopenjpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4663
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.25%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4415
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.39% / 59.01%
||
7 Day CHG~0.00%
Published-01 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4417
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 44.20%
||
7 Day CHG~0.00%
Published-01 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4416
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-01 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5314
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.55% / 80.70%
||
7 Day CHG~0.00%
Published-21 Feb, 2018 | 16:00
Updated-06 Aug, 2024 | 06:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.

Action-Not Available
Vendor-w1.fin/aDebian GNU/Linux
Product-wpa_supplicantdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4079
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.23% / 45.50%
||
7 Day CHG~0.00%
Published-25 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxOracle Corporation
Product-wiresharkdebian_linuxsolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3182
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.57% / 67.62%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 00:03
Updated-05 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file.

Action-Not Available
Vendor-uclouvainn/a
Product-openjpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3941
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.31% / 53.35%
||
7 Day CHG~0.00%
Published-18 Apr, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."

Action-Not Available
Vendor-n/aVideoLANCanonical Ltd.
Product-vlc_media_playerubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3977
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.84% / 73.71%
||
7 Day CHG-0.14%
Published-21 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.

Action-Not Available
Vendor-giflib_projectn/aopenSUSE
Product-opensusegiflibn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4080
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.36% / 57.22%
||
7 Day CHG~0.00%
Published-25 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2531
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.43% / 79.85%
||
7 Day CHG~0.00%
Published-28 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1688
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-4.87% / 89.15%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverv8leapopensuseubuntu_linuxenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2213
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 70.71%
||
7 Day CHG~0.00%
Published-03 Feb, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-46333
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 21:14
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moddable SDK v11.5.0 was discovered to contain an invalid memory access vulnerability via the component __asan_memmove.

Action-Not Available
Vendor-moddablen/a
Product-moddable_sdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2541
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.86% / 74.10%
||
7 Day CHG~0.00%
Published-07 Feb, 2018 | 17:00
Updated-05 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file.

Action-Not Available
Vendor-audacityteamn/a
Product-audacityn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.51% / 80.42%
||
7 Day CHG~0.00%
Published-12 Feb, 2016 | 15:26
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)Debian GNU/LinuxCanonical Ltd.
Product-libxml2debian_linuxubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1685
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.45% / 79.99%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverleapopensuseenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1686
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.45% / 79.99%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverleapopensuseenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2037
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-19.45% / 95.17%
||
7 Day CHG~0.00%
Published-22 Feb, 2016 | 15:05
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGNU
Product-debian_linuxcpion/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2522
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 44.20%
||
7 Day CHG~0.00%
Published-28 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-45762
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.39%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_sg_vrml_mf_reset(). This vulnerability allows attackers to cause a Denial of Service (DoS).

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2532
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.43% / 79.85%
||
7 Day CHG~0.00%
Published-28 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2530
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.43% / 79.85%
||
7 Day CHG~0.00%
Published-28 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1924
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.92% / 75.08%
||
7 Day CHG~0.00%
Published-27 Jan, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

Action-Not Available
Vendor-uclouvainn/a
Product-openjpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-45760
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.79%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_list_last(). This vulnerability allows attackers to cause a Denial of Service (DoS).

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2533
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.18% / 77.92%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.

Action-Not Available
Vendor-python_imaging_projectn/aDebian GNU/LinuxPython Software Foundation
Product-debian_linuxpillowpython_imagingn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1923
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 63.59%
||
7 Day CHG~0.00%
Published-27 Jan, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

Action-Not Available
Vendor-uclouvainn/a
Product-openjpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2540
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.91% / 74.84%
||
7 Day CHG~0.00%
Published-07 Feb, 2018 | 17:00
Updated-05 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure.

Action-Not Available
Vendor-audacityteamn/a
Product-audacityn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1689
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.73% / 81.70%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverleapopensuseubuntu_linuxenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-44712
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.49% / 64.48%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:05
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader Memory Corruption could lead to Application denial-of-service

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10713
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.48% / 64.01%
||
7 Day CHG~0.00%
Published-13 Feb, 2018 | 19:00
Updated-06 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.

Action-Not Available
Vendor-n/aGNU
Product-patchn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10095
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 56.69%
||
7 Day CHG~0.00%
Published-01 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-44992
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.01%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 00:23
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at /jerry-core/ecma/operations/ecma-typedarray-object.c in Jerryscript 3.0.0.

Action-Not Available
Vendor-jerryscriptn/a
Product-jerryscriptn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10349
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.50%
||
7 Day CHG~0.00%
Published-01 May, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

Action-Not Available
Vendor-n/alibarchive
Product-libarchiven/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0775
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.37% / 79.44%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxPython Software Foundation
Product-debian_linuxpillown/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10255
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.54% / 66.52%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.

Action-Not Available
Vendor-elfutils_projectn/a
Product-elfutilsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10504
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-6.11% / 90.41%
||
7 Day CHG~0.00%
Published-30 Aug, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.

Action-Not Available
Vendor-uclouvainn/a
Product-openjpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.53% / 80.57%
||
7 Day CHG~0.00%
Published-07 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags.

Action-Not Available
Vendor-qtn/a
Product-qxmlsimplereadern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10254
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.63% / 69.39%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.

Action-Not Available
Vendor-elfutils_projectn/a
Product-elfutilsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10221
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.00%
||
7 Day CHG~0.00%
Published-03 Apr, 2017 | 05:44
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document.

Action-Not Available
Vendor-n/aArtifex Software Inc.
Product-mupdfn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8893
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-11 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8929
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.22%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.

Action-Not Available
Vendor-n/alibarchiveSUSE
Product-linux_enterprise_desktoplibarchivelinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8957
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-6.5||MEDIUM
EPSS-0.67% / 70.36%
||
7 Day CHG~0.00%
Published-20 Apr, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 10
  • 11
  • Next
Details not found