Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-1721

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-31 Jul, 2009 | 18:29
Updated At-07 Aug, 2024 | 05:20
Rejected At-
Credits

The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:31 Jul, 2009 | 18:29
Updated At:07 Aug, 2024 | 05:20
Rejected At:
▼CVE Numbering Authority (CNA)

The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html
vendor-advisory
x_refsource_FEDORA
http://support.apple.com/kb/HT3757
x_refsource_CONFIRM
http://secunia.com/advisories/36123
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html
vendor-advisory
x_refsource_FEDORA
http://www.mandriva.com/security/advisories?name=MDVSA-2009:191
vendor-advisory
x_refsource_MANDRIVA
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz
x_refsource_CONFIRM
http://secunia.com/advisories/36753
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2035
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/36096
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1842
vendor-advisory
x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2009:190
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/36030
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/36032
third-party-advisory
x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
vendor-advisory
x_refsource_APPLE
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz
x_refsource_CONFIRM
http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff
x_refsource_CONFIRM
http://www.securityfocus.com/bid/35838
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id?1022674
vdb-entry
x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-831-1
vendor-advisory
x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2009/2172
vdb-entry
x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
third-party-advisory
x_refsource_CERT
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html
vendor-advisory
x_refsource_SUSE
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://support.apple.com/kb/HT3757
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/36123
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:191
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/36753
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/2035
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/36096
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2009/dsa-1842
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:190
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/36030
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/36032
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz
Resource:
x_refsource_CONFIRM
Hyperlink: http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/35838
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id?1022674
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.ubuntu.com/usn/USN-831-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.vupen.com/english/advisories/2009/2172
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-218A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://support.apple.com/kb/HT3757
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/36123
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:191
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/36753
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2009/2035
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/36096
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2009/dsa-1842
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:190
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/36030
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/36032
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz
x_refsource_CONFIRM
x_transferred
http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/35838
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id?1022674
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.ubuntu.com/usn/USN-831-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.vupen.com/english/advisories/2009/2172
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://support.apple.com/kb/HT3757
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/36123
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:191
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/36753
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/2035
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/36096
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2009/dsa-1842
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:190
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/36030
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/36032
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/35838
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id?1022674
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-831-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/2172
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-218A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:31 Jul, 2009 | 19:00
Updated At:23 Apr, 2026 | 00:35

The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
openexr
openexr
>>openexr>>1.2.2
cpe:2.3:a:openexr:openexr:1.2.2:*:*:*:*:*:*:*
openexr
openexr
>>openexr>>1.6.1
cpe:2.3:a:openexr:openexr:1.6.1:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>10.0
cpe:2.3:o:opensuse:opensuse:10.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>10.3
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>11.0
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>Versions before 10.5.8(exclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>4.0
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>5.0
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.04
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.10
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>9.04
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>10
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>11
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-824Primarynvd@nist.gov
CWE ID: CWE-824
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.htmlcve@mitre.org
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.htmlcve@mitre.org
Mailing List
http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiffcve@mitre.org
Broken Link
Patch
http://secunia.com/advisories/36030cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/36032cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/36096cve@mitre.org
Broken Link
http://secunia.com/advisories/36123cve@mitre.org
Broken Link
http://secunia.com/advisories/36753cve@mitre.org
Broken Link
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gzcve@mitre.org
Broken Link
Patch
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gzcve@mitre.org
Broken Link
Patch
http://support.apple.com/kb/HT3757cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2009/dsa-1842cve@mitre.org
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2009:190cve@mitre.org
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:191cve@mitre.org
Broken Link
http://www.securityfocus.com/bid/35838cve@mitre.org
Broken Link
Patch
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022674cve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-831-1cve@mitre.org
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-218A.htmlcve@mitre.org
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/2035cve@mitre.org
Broken Link
Vendor Advisory
http://www.vupen.com/english/advisories/2009/2172cve@mitre.org
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.htmlcve@mitre.org
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.htmlcve@mitre.org
Mailing List
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiffaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Patch
http://secunia.com/advisories/36030af854a3a-2127-422b-91ae-364da2661108
Broken Link
Vendor Advisory
http://secunia.com/advisories/36032af854a3a-2127-422b-91ae-364da2661108
Broken Link
Vendor Advisory
http://secunia.com/advisories/36096af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/36123af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/36753af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gzaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Patch
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gzaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Patch
http://support.apple.com/kb/HT3757af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2009/dsa-1842af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2009:190af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:191af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/bid/35838af854a3a-2127-422b-91ae-364da2661108
Broken Link
Patch
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022674af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-831-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-218A.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/2035af854a3a-2127-422b-91ae-364da2661108
Broken Link
Vendor Advisory
http://www.vupen.com/english/advisories/2009/2172af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff
Source: cve@mitre.org
Resource:
Broken Link
Patch
Hyperlink: http://secunia.com/advisories/36030
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/36032
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/36096
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/36123
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/36753
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz
Source: cve@mitre.org
Resource:
Broken Link
Patch
Hyperlink: http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz
Source: cve@mitre.org
Resource:
Broken Link
Patch
Hyperlink: http://support.apple.com/kb/HT3757
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2009/dsa-1842
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:190
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:191
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/35838
Source: cve@mitre.org
Resource:
Broken Link
Patch
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1022674
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-831-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-218A.html
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2009/2035
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/2172
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Patch
Hyperlink: http://secunia.com/advisories/36030
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/36032
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/36096
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/36123
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/36753
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Patch
Hyperlink: http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Patch
Hyperlink: http://support.apple.com/kb/HT3757
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2009/dsa-1842
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:190
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:191
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/35838
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Patch
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1022674
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-831-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-218A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2009/2035
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/2172
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List

Change History

0
Information is not available yet

Similar CVEs

3687Records found
CVE-2022-31625
Matching Score-10
Assigner-PHP Group
ShareView Details
Matching Score-10
Assigner-PHP Group
CVSS Score-8.1||HIGH
EPSS-0.77% / 73.56%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 05:45
Updated-16 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Freeing unallocated memory in php_pgsql_free_params()

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

Action-Not Available
Vendor-The PHP GroupDebian GNU/Linux
Product-phpdebian_linuxPHP
CWE ID-CWE-824
Access of Uninitialized Pointer
CWE ID-CWE-590
Free of Memory not on the Heap
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2007-4682
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.88% / 88.34%
||
7 Day CHG~0.00%
Published-15 Nov, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2009-0040
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-8.28% / 92.30%
||
7 Day CHG~0.00%
Published-22 Feb, 2009 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.

Action-Not Available
Vendor-libpngn/aApple Inc.openSUSESUSEDebian GNU/LinuxFedora Project
Product-debian_linuxlinux_enterprise_desktopmac_os_xlinux_enterpriselinux_enterprise_serverlibpngiphone_osfedoraopensusen/a
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2016-4343
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.58% / 91.90%
||
7 Day CHG~0.00%
Published-22 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.

Action-Not Available
Vendor-n/aThe PHP GroupopenSUSE
Product-phpopensusen/a
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2015-6718
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 74.68%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CBSharedReviewIfOfflineDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CVE-2015-7103
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 77.24%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7102.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_ossafarin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7619
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-1.78% / 82.83%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ANShareFile2 method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7620, and CVE-2015-7623.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-416
Use After Free
CVE-2015-7001
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.91% / 75.95%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CVE-2015-6696
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-1.50% / 81.30%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6698.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-6695
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 74.71%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted use of the value attribute, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, and CVE-2015-7622.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7003
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.65% / 70.83%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2015-6991
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.87% / 83.23%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6715
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 74.68%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Function apply implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CVE-2015-7102
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 77.24%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7103.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_ossafarin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6724
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 74.68%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ANSendForApproval method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CVE-2012-0608
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.76% / 82.77%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunesiphone_osn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-1833
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.87%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:43
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CVE-2015-7012
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.65% / 82.12%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunesiphone_ossafarin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6721
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 74.68%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CBSharedReviewSecurityDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CVE-2015-7104
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.54% / 81.50%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvossafarin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7156
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-1.98% / 83.72%
||
7 Day CHG~0.00%
Published-25 Dec, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindowsiphone_ossafaritvosicloudn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7090
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.57% / 68.77%
||
7 Day CHG~0.00%
Published-09 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6689
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-1.30% / 79.86%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a crafted WillSave document action, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-416
Use After Free
CVE-2012-0777
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-8.46% / 92.41%
||
7 Day CHG~0.00%
Published-10 Apr, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Linux Kernel Organization, Inc
Product-acrobatacrobat_readerlinux_kernelmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7005
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-3.22% / 87.15%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ossafaritvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7105
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.53% / 85.56%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0658
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.90% / 83.39%
||
7 Day CHG~0.00%
Published-11 May, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6990
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.87% / 83.23%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0247
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-8.8||HIGH
EPSS-4.21% / 88.82%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCRed Hat, Inc.Debian GNU/Linux
Product-debian_linuximagemagickubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopstorageenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_eusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0654
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.56% / 68.45%
||
7 Day CHG~0.00%
Published-11 May, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7038
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-6.46% / 91.16%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7039.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7065
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.87% / 83.23%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6719
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 74.68%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CBSharedReviewCloseDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CVE-2011-3958
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-2.29% / 84.84%
||
7 Day CHG~0.00%
Published-09 Feb, 2012 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2015-7066
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.23% / 79.34%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7064.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-4408
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-6.8||MEDIUM
EPSS-0.41% / 61.69%
||
7 Day CHG~0.00%
Published-16 Jun, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack.

Action-Not Available
Vendor-n/aCanonical Ltd.
Product-ubuntu_linuxn/a
CVE-2019-12137
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.54% / 85.57%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 13:20
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.

Action-Not Available
Vendor-typoran/aApple Inc.
Product-typoramac_os_xn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-7213
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.44% / 85.29%
||
7 Day CHG~0.00%
Published-16 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.

Action-Not Available
Vendor-n/aopenSUSEMozilla CorporationFedora Project
Product-leapfirefoxopensusefedoran/a
CVE-2015-7097
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.09% / 78.11%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_ossafarin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-4182
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.3||HIGH
EPSS-0.54% / 67.87%
||
7 Day CHG~0.00%
Published-12 Jun, 2018 | 15:00
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
shell code injection via ESSID because of missing escaping of a variable

Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1.

Action-Not Available
Vendor-SUSE Linux EnterpriseopenSUSE
Product-sysconfigsysconfig
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5756
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.10% / 84.21%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-32545
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.82%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

Action-Not Available
Vendor-n/aRed Hat, Inc.Fedora ProjectImageMagick Studio LLC
Product-extra_packages_for_enterprise_linuxenterprise_linuxfedoraimagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2015-5772
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.72% / 82.56%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1822
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-4.06% / 88.60%
||
7 Day CHG~0.00%
Published-04 Oct, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLC
Product-chromesafariopensusen/a
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2011-4517
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-6.8||MEDIUM
EPSS-42.13% / 97.47%
||
7 Day CHG~0.00%
Published-15 Dec, 2011 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.

Action-Not Available
Vendor-n/aJasPerCanonical Ltd.Oracle CorporationSUSERed Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopoutside_in_technologyjasperenterprise_linux_desktoplinux_enterprise_serverfedoralinux_enterprise_software_development_kitn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-5793
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.54% / 81.50%
||
7 Day CHG~0.00%
Published-18 Sep, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunesiphone_ossafarin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5048
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.31% / 54.21%
||
7 Day CHG~0.00%
Published-25 Apr, 2017 | 03:23
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsmacoschromeandroidlinux_kernelGoogle Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2015-5801
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.79% / 73.94%
||
7 Day CHG~0.00%
Published-18 Sep, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunesiphone_ossafarin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5755
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.81% / 86.25%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunesiphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5944
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.16% / 78.72%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 73
  • 74
  • Next
Details not found