Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-0196

Summary
Assigner-flexera
Assigner Org ID-44d08088-2bea-4760-83a6-1e9be26b15ab
Published At-16 Apr, 2009 | 15:00
Updated At-07 Aug, 2024 | 04:24
Rejected At-
Credits

Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:flexera
Assigner Org ID:44d08088-2bea-4760-83a6-1e9be26b15ab
Published At:16 Apr, 2009 | 15:00
Updated At:07 Aug, 2024 | 04:24
Rejected At:
â–¼CVE Numbering Authority (CNA)

Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.redhat.com/support/errata/RHSA-2009-0421.html
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/archive/1/502586/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html
vendor-advisory
x_refsource_FEDORA
http://security.gentoo.org/glsa/glsa-201412-17.xml
vendor-advisory
x_refsource_GENTOO
http://www.vupen.com/english/advisories/2009/0983
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/bid/34445
vdb-entry
x_refsource_BID
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
vendor-advisory
x_refsource_SUNALERT
http://secunia.com/advisories/34292
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/502757/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/34729
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
vendor-advisory
x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533
vdb-entry
signature
x_refsource_OVAL
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
vendor-advisory
x_refsource_MANDRIVA
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/34732
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/35569
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1708
vdb-entry
x_refsource_VUPEN
http://www.securitytracker.com/id?1022029
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/35559
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/35416
third-party-advisory
x_refsource_SECUNIA
http://wiki.rpath.com/Advisories:rPSA-2009-0060
x_refsource_CONFIRM
https://usn.ubuntu.com/757-1/
vendor-advisory
x_refsource_UBUNTU
http://osvdb.org/53492
vdb-entry
x_refsource_OSVDB
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/secunia_research/2009-21/
x_refsource_MISC
https://bugzilla.redhat.com/attachment.cgi?id=337747
x_refsource_MISC
http://secunia.com/advisories/34667
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0421.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/archive/1/502586/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://security.gentoo.org/glsa/glsa-201412-17.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.vupen.com/english/advisories/2009/0983
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/bid/34445
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://secunia.com/advisories/34292
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/502757/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/34729
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/34732
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/35569
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/1708
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securitytracker.com/id?1022029
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/35559
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/35416
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0060
Resource:
x_refsource_CONFIRM
Hyperlink: https://usn.ubuntu.com/757-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://osvdb.org/53492
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/secunia_research/2009-21/
Resource:
x_refsource_MISC
Hyperlink: https://bugzilla.redhat.com/attachment.cgi?id=337747
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/34667
Resource:
third-party-advisory
x_refsource_SECUNIA
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.redhat.com/support/errata/RHSA-2009-0421.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/archive/1/502586/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://security.gentoo.org/glsa/glsa-201412-17.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.vupen.com/english/advisories/2009/0983
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/bid/34445
vdb-entry
x_refsource_BID
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://secunia.com/advisories/34292
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/502757/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/34729
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
vendor-advisory
x_refsource_MANDRIVA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/34732
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/35569
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2009/1708
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securitytracker.com/id?1022029
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/35559
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/35416
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://wiki.rpath.com/Advisories:rPSA-2009-0060
x_refsource_CONFIRM
x_transferred
https://usn.ubuntu.com/757-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://osvdb.org/53492
vdb-entry
x_refsource_OSVDB
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/secunia_research/2009-21/
x_refsource_MISC
x_transferred
https://bugzilla.redhat.com/attachment.cgi?id=337747
x_refsource_MISC
x_transferred
http://secunia.com/advisories/34667
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0421.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/502586/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-201412-17.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/0983
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/34445
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://secunia.com/advisories/34292
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/502757/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/34729
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/34732
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/35569
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1708
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securitytracker.com/id?1022029
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/35559
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/35416
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0060
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://usn.ubuntu.com/757-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://osvdb.org/53492
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/secunia_research/2009-21/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://bugzilla.redhat.com/attachment.cgi?id=337747
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/34667
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:PSIRT-CNA@flexerasoftware.com
Published At:16 Apr, 2009 | 15:12
Updated At:23 Apr, 2026 | 00:35

Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches

Ghostscript (Artifex Software, Inc.)
ghostscript
>>ghostscript>>Versions up to 8.64(inclusive)
cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*
Ghostscript (Artifex Software, Inc.)
ghostscript
>>ghostscript>>0
cpe:2.3:a:ghostscript:ghostscript:0:*:*:*:*:*:*:*
Ghostscript (Artifex Software, Inc.)
ghostscript
>>ghostscript>>5.50
cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:*
Ghostscript (Artifex Software, Inc.)
ghostscript
>>ghostscript>>7.07
cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:*
Ghostscript (Artifex Software, Inc.)
ghostscript
>>ghostscript>>8.0.1
cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*
Ghostscript (Artifex Software, Inc.)
ghostscript
>>ghostscript>>8.15
cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*
Ghostscript (Artifex Software, Inc.)
ghostscript
>>ghostscript>>8.15.2
cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:*
Ghostscript (Artifex Software, Inc.)
ghostscript
>>ghostscript>>8.54
cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:*
Ghostscript (Artifex Software, Inc.)
ghostscript
>>ghostscript>>8.56
cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:*
Ghostscript (Artifex Software, Inc.)
ghostscript
>>ghostscript>>8.57
cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:*
Ghostscript (Artifex Software, Inc.)
ghostscript
>>ghostscript>>8.60
cpe:2.3:a:ghostscript:ghostscript:8.60:*:*:*:*:*:*:*
Ghostscript (Artifex Software, Inc.)
ghostscript
>>ghostscript>>8.61
cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*
Ghostscript (Artifex Software, Inc.)
ghostscript
>>ghostscript>>8.62
cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:*
Ghostscript (Artifex Software, Inc.)
ghostscript
>>ghostscript>>8.63
cpe:2.3:a:ghostscript:ghostscript:8.63:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.htmlPSIRT-CNA@flexerasoftware.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlPSIRT-CNA@flexerasoftware.com
N/A
http://osvdb.org/53492PSIRT-CNA@flexerasoftware.com
Exploit
http://secunia.com/advisories/34292PSIRT-CNA@flexerasoftware.com
Vendor Advisory
http://secunia.com/advisories/34667PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/34729PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/34732PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/35416PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/35559PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/35569PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/secunia_research/2009-21/PSIRT-CNA@flexerasoftware.com
Vendor Advisory
http://security.gentoo.org/glsa/glsa-201412-17.xmlPSIRT-CNA@flexerasoftware.com
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1PSIRT-CNA@flexerasoftware.com
N/A
http://wiki.rpath.com/Advisories:rPSA-2009-0060PSIRT-CNA@flexerasoftware.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095PSIRT-CNA@flexerasoftware.com
N/A
http://www.redhat.com/support/errata/RHSA-2009-0421.htmlPSIRT-CNA@flexerasoftware.com
N/A
http://www.securityfocus.com/archive/1/502586/100/0/threadedPSIRT-CNA@flexerasoftware.com
N/A
http://www.securityfocus.com/archive/1/502757/100/0/threadedPSIRT-CNA@flexerasoftware.com
N/A
http://www.securityfocus.com/bid/34445PSIRT-CNA@flexerasoftware.com
Patch
http://www.securitytracker.com/id?1022029PSIRT-CNA@flexerasoftware.com
N/A
http://www.vupen.com/english/advisories/2009/0983PSIRT-CNA@flexerasoftware.com
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1708PSIRT-CNA@flexerasoftware.com
N/A
https://bugzilla.redhat.com/attachment.cgi?id=337747PSIRT-CNA@flexerasoftware.com
Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533PSIRT-CNA@flexerasoftware.com
N/A
https://usn.ubuntu.com/757-1/PSIRT-CNA@flexerasoftware.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.htmlPSIRT-CNA@flexerasoftware.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.htmlPSIRT-CNA@flexerasoftware.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/53492af854a3a-2127-422b-91ae-364da2661108
Exploit
http://secunia.com/advisories/34292af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/34667af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/34729af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/34732af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/35416af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/35559af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/35569af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/secunia_research/2009-21/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://security.gentoo.org/glsa/glsa-201412-17.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://wiki.rpath.com/Advisories:rPSA-2009-0060af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2009-0421.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/502586/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/502757/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/34445af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securitytracker.com/id?1022029af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/0983af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1708af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/attachment.cgi?id=337747af854a3a-2127-422b-91ae-364da2661108
Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533af854a3a-2127-422b-91ae-364da2661108
N/A
https://usn.ubuntu.com/757-1/af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://osvdb.org/53492
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Exploit
Hyperlink: http://secunia.com/advisories/34292
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/34667
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/34729
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/34732
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/35416
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/35559
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/35569
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/secunia_research/2009-21/
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-201412-17.xml
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0060
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0421.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/502586/100/0/threaded
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/502757/100/0/threaded
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/34445
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Patch
Hyperlink: http://www.securitytracker.com/id?1022029
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/0983
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/1708
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/attachment.cgi?id=337747
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Exploit
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: https://usn.ubuntu.com/757-1/
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/53492
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://secunia.com/advisories/34292
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/34667
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/34729
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/34732
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/35416
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/35559
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/35569
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/secunia_research/2009-21/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-201412-17.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0060
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0421.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/502586/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/502757/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/34445
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.securitytracker.com/id?1022029
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/0983
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/1708
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/attachment.cgi?id=337747
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://usn.ubuntu.com/757-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2676Records found

CVE-2009-4270
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-6.90% / 93.30%
||
7 Day CHG~0.00%
Published-21 Dec, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.

Action-Not Available
Vendor-n/aGhostscript (Artifex Software, Inc.)
Product-ghostscriptn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0583
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-4.71% / 90.71%
||
7 Day CHG~0.00%
Published-23 Mar, 2009 | 19:26
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Action-Not Available
Vendor-argyllcmsn/aGhostscript (Artifex Software, Inc.)
Product-ghostscriptargyllcmsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0584
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-4.07% / 89.45%
||
7 Day CHG~0.00%
Published-23 Mar, 2009 | 19:26
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Action-Not Available
Vendor-argyllcmsn/aGhostscript (Artifex Software, Inc.)
Product-cmsghostscriptn/a
CVE-2009-0792
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-3.99% / 89.26%
||
7 Day CHG~0.00%
Published-14 Apr, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.

Action-Not Available
Vendor-argyllcmsn/aGhostscript (Artifex Software, Inc.)
Product-ghostscriptargyllcmsn/a
CVE-2008-6679
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.50% / 90.33%
||
7 Day CHG~0.00%
Published-08 Apr, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.

Action-Not Available
Vendor-n/aGhostscript (Artifex Software, Inc.)
Product-ghostscriptn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0411
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-14.41% / 96.19%
||
7 Day CHG~0.00%
Published-28 Feb, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

Action-Not Available
Vendor-rpathn/aMandriva (Mandrakesoft)SUSEGhostscript (Artifex Software, Inc.)Red Hat, Inc.Debian GNU/Linux
Product-mandrake_linux_corporate_serverghostscriptdebian_linuxmandrakesoft_corporate_serverenterprise_linux_desktop_workstationnovell_linux_possuse_open_enterprise_serversuse_linuxenterprise_linux_desktopopen_susemandrake_linuxrpath_linuxdesktopenterprise_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6725
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.84% / 90.93%
||
7 Day CHG~0.00%
Published-08 Apr, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.

Action-Not Available
Vendor-n/aGhostscript (Artifex Software, Inc.)
Product-ghostscriptn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1251
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-4.07% / 89.45%
||
7 Day CHG~0.00%
Published-27 Feb, 2014 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1800
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-24.46% / 97.61%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-2262
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-4.31% / 89.96%
||
7 Day CHG~0.00%
Published-28 Feb, 2014 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program.

Action-Not Available
Vendor-sasn/a
Product-base_sasn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1781
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-20.69% / 97.22%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1792, CVE-2014-1804, and CVE-2014-2770.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1805
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-21.73% / 97.33%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1753
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-20.34% / 97.17%
||
7 Day CHG~0.00%
Published-08 Apr, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1782
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-20.69% / 97.22%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1752
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-20.34% / 97.17%
||
7 Day CHG~0.00%
Published-08 Apr, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-2238
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.3||HIGH
EPSS-45.53% / 98.64%
||
7 Day CHG~0.00%
Published-16 Apr, 2009 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-intelligent_application_gateway_2007n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1790
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-20.69% / 97.22%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1789.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-2133
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.3||HIGH
EPSS-3.12% / 86.27%
||
7 Day CHG~0.00%
Published-08 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_advanced_recording_format_playerwebex_recording_format_playern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1803
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-22.85% / 97.45%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-2757.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1815
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-20.26% / 97.16%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 2014, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0310.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1786
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-20.69% / 97.22%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1785
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-30.29% / 98.00%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1751
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-20.34% / 97.16%
||
7 Day CHG~0.00%
Published-08 Apr, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0235 and CVE-2014-1755.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1795
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-24.73% / 97.63%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1791
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-24.73% / 97.63%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-2087
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-16.73% / 96.65%
||
7 Day CHG~0.00%
Published-18 Mar, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name, which is then deleted from the download queue by the user.

Action-Not Available
Vendor-freedownloadmanagern/a
Product-free_download_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1784
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-20.69% / 97.22%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-2136
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.3||HIGH
EPSS-3.79% / 88.69%
||
7 Day CHG~0.00%
Published-08 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_advanced_recording_format_playerwebex_recording_format_playern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1792
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-20.69% / 97.22%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1781, CVE-2014-1804, and CVE-2014-2770.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1804
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-20.45% / 97.18%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1781, CVE-2014-1792, and CVE-2014-2770.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1758
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-16.70% / 96.64%
||
7 Day CHG~0.00%
Published-08 Apr, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Word Stack Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1783
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-20.69% / 97.22%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1766
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-33.06% / 98.16%
||
7 Day CHG~0.00%
Published-27 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. NOTE: the original disclosure referred to triggering a kernel bug with the Internet Explorer exploit payload, but this ID is not for a kernel vulnerability.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1788
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-20.45% / 97.18%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1774 and CVE-2014-2754.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1772
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-21.73% / 97.33%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1797
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-24.46% / 97.61%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1760
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-12.63% / 95.76%
||
7 Day CHG~0.00%
Published-08 Apr, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1549
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-5.64% / 92.01%
||
7 Day CHG~0.00%
Published-23 Jul, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1757
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-17.32% / 96.73%
||
7 Day CHG~0.00%
Published-08 Apr, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office File Format Converter Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_compatibility_packwordn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1799
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-32.85% / 98.15%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1803, and CVE-2014-2757.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1802
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-20.45% / 97.18%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1775
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-22.85% / 97.45%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1789
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-28.54% / 97.89%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1790.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-3030
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.46% / 87.60%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the AES module. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatmac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAdobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1794
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-20.69% / 97.22%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1796
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-20.69% / 97.22%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 and 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-0312
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-21.57% / 97.32%
||
7 Day CHG+0.17%
Published-12 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0324.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-0279
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-22.89% / 97.46%
||
7 Day CHG~0.00%
Published-12 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0278.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-3017
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.28% / 89.91%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when handling a malformed PDF file. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatmac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAdobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-0269
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-17.39% / 96.75%
||
7 Day CHG~0.00%
Published-12 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 53
  • 54
  • Next
Details not found