Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-5018

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-14 Jan, 2011 | 16:00
Updated At-07 Aug, 2024 | 07:24
Rejected At-
Credits

Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:14 Jan, 2011 | 16:00
Updated At:07 Aug, 2024 | 07:24
Rejected At:
▼CVE Numbering Authority (CNA)

Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.redhat.com/show_bug.cgi?id=547515
x_refsource_CONFIRM
http://openwall.com/lists/oss-security/2010/11/22/12
mailing-list
x_refsource_MLIST
http://www.vupen.com/english/advisories/2011/0023
vdb-entry
x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2011:009
vendor-advisory
x_refsource_MANDRIVA
http://openwall.com/lists/oss-security/2010/11/22/3
mailing-list
x_refsource_MLIST
http://secunia.com/advisories/42796
third-party-advisory
x_refsource_SECUNIA
http://bugs.gentoo.org/show_bug.cgi?id=346501
x_refsource_CONFIRM
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log
x_refsource_CONFIRM
http://www.securityfocus.com/bid/41801
vdb-entry
x_refsource_BID
http://www.vupen.com/english/advisories/2010/3036
vdb-entry
x_refsource_VUPEN
http://openwall.com/lists/oss-security/2010/11/21/1
mailing-list
x_refsource_MLIST
http://www.vupen.com/english/advisories/2011/0107
vdb-entry
x_refsource_VUPEN
http://security.gentoo.org/glsa/glsa-201101-01.xml
vendor-advisory
x_refsource_GENTOO
http://openwall.com/lists/oss-security/2010/11/22/1
mailing-list
x_refsource_MLIST
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
x_refsource_CONFIRM
http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072009.html
mailing-list
x_refsource_FULLDISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/64820
vdb-entry
x_refsource_XF
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=547515
Resource:
x_refsource_CONFIRM
Hyperlink: http://openwall.com/lists/oss-security/2010/11/22/12
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.vupen.com/english/advisories/2011/0023
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:009
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://openwall.com/lists/oss-security/2010/11/22/3
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/42796
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=346501
Resource:
x_refsource_CONFIRM
Hyperlink: http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/41801
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.vupen.com/english/advisories/2010/3036
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://openwall.com/lists/oss-security/2010/11/21/1
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.vupen.com/english/advisories/2011/0107
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://security.gentoo.org/glsa/glsa-201101-01.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://openwall.com/lists/oss-security/2010/11/22/1
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072009.html
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/64820
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html
Resource:
vendor-advisory
x_refsource_FEDORA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.redhat.com/show_bug.cgi?id=547515
x_refsource_CONFIRM
x_transferred
http://openwall.com/lists/oss-security/2010/11/22/12
mailing-list
x_refsource_MLIST
x_transferred
http://www.vupen.com/english/advisories/2011/0023
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:009
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://openwall.com/lists/oss-security/2010/11/22/3
mailing-list
x_refsource_MLIST
x_transferred
http://secunia.com/advisories/42796
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://bugs.gentoo.org/show_bug.cgi?id=346501
x_refsource_CONFIRM
x_transferred
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/41801
vdb-entry
x_refsource_BID
x_transferred
http://www.vupen.com/english/advisories/2010/3036
vdb-entry
x_refsource_VUPEN
x_transferred
http://openwall.com/lists/oss-security/2010/11/21/1
mailing-list
x_refsource_MLIST
x_transferred
http://www.vupen.com/english/advisories/2011/0107
vdb-entry
x_refsource_VUPEN
x_transferred
http://security.gentoo.org/glsa/glsa-201101-01.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://openwall.com/lists/oss-security/2010/11/22/1
mailing-list
x_refsource_MLIST
x_transferred
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
x_refsource_CONFIRM
x_transferred
http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072009.html
mailing-list
x_refsource_FULLDISC
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/64820
vdb-entry
x_refsource_XF
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=547515
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://openwall.com/lists/oss-security/2010/11/22/12
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0023
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:009
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://openwall.com/lists/oss-security/2010/11/22/3
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/42796
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=346501
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/41801
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/3036
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://openwall.com/lists/oss-security/2010/11/21/1
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0107
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-201101-01.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://openwall.com/lists/oss-security/2010/11/22/1
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072009.html
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/64820
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:14 Jan, 2011 | 17:00
Updated At:11 Apr, 2025 | 00:51

Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
catb
catb
>>gif2png>>Versions up to 2.5.3(inclusive)
cpe:2.3:a:catb:gif2png:*:*:*:*:*:*:*:*
catb
catb
>>gif2png>>0.99
cpe:2.3:a:catb:gif2png:0.99:*:*:*:*:*:*:*
catb
catb
>>gif2png>>1.0.0
cpe:2.3:a:catb:gif2png:1.0.0:*:*:*:*:*:*:*
catb
catb
>>gif2png>>1.1.0
cpe:2.3:a:catb:gif2png:1.1.0:*:*:*:*:*:*:*
catb
catb
>>gif2png>>1.1.1
cpe:2.3:a:catb:gif2png:1.1.1:*:*:*:*:*:*:*
catb
catb
>>gif2png>>1.2.0
cpe:2.3:a:catb:gif2png:1.2.0:*:*:*:*:*:*:*
catb
catb
>>gif2png>>1.2.1
cpe:2.3:a:catb:gif2png:1.2.1:*:*:*:*:*:*:*
catb
catb
>>gif2png>>1.2.2
cpe:2.3:a:catb:gif2png:1.2.2:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.0.0
cpe:2.3:a:catb:gif2png:2.0.0:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.0.1
cpe:2.3:a:catb:gif2png:2.0.1:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.0.2
cpe:2.3:a:catb:gif2png:2.0.2:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.0.3
cpe:2.3:a:catb:gif2png:2.0.3:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.1.1
cpe:2.3:a:catb:gif2png:2.1.1:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.1.2
cpe:2.3:a:catb:gif2png:2.1.2:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.1.3
cpe:2.3:a:catb:gif2png:2.1.3:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.2.0
cpe:2.3:a:catb:gif2png:2.2.0:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.2.1
cpe:2.3:a:catb:gif2png:2.2.1:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.2.2
cpe:2.3:a:catb:gif2png:2.2.2:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.2.3
cpe:2.3:a:catb:gif2png:2.2.3:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.2.4
cpe:2.3:a:catb:gif2png:2.2.4:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.2.5
cpe:2.3:a:catb:gif2png:2.2.5:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.3.0
cpe:2.3:a:catb:gif2png:2.3.0:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.3.1
cpe:2.3:a:catb:gif2png:2.3.1:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.3.2
cpe:2.3:a:catb:gif2png:2.3.2:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.3.3
cpe:2.3:a:catb:gif2png:2.3.3:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.4.0
cpe:2.3:a:catb:gif2png:2.4.0:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.4.1
cpe:2.3:a:catb:gif2png:2.4.1:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.4.2
cpe:2.3:a:catb:gif2png:2.4.2:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.4.3
cpe:2.3:a:catb:gif2png:2.4.3:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.4.4
cpe:2.3:a:catb:gif2png:2.4.4:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.4.5
cpe:2.3:a:catb:gif2png:2.4.5:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.4.6
cpe:2.3:a:catb:gif2png:2.4.6:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.4.7
cpe:2.3:a:catb:gif2png:2.4.7:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.5.0
cpe:2.3:a:catb:gif2png:2.5.0:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.5.1
cpe:2.3:a:catb:gif2png:2.5.1:*:*:*:*:*:*:*
catb
catb
>>gif2png>>2.5.2
cpe:2.3:a:catb:gif2png:2.5.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978secalert@redhat.com
Patch
http://bugs.gentoo.org/show_bug.cgi?id=346501secalert@redhat.com
N/A
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=logsecalert@redhat.com
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.htmlsecalert@redhat.com
Patch
http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072009.htmlsecalert@redhat.com
Patch
http://openwall.com/lists/oss-security/2010/11/21/1secalert@redhat.com
Patch
http://openwall.com/lists/oss-security/2010/11/22/1secalert@redhat.com
Patch
http://openwall.com/lists/oss-security/2010/11/22/12secalert@redhat.com
N/A
http://openwall.com/lists/oss-security/2010/11/22/3secalert@redhat.com
N/A
http://secunia.com/advisories/42796secalert@redhat.com
Vendor Advisory
http://security.gentoo.org/glsa/glsa-201101-01.xmlsecalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:009secalert@redhat.com
N/A
http://www.securityfocus.com/bid/41801secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2010/3036secalert@redhat.com
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0023secalert@redhat.com
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0107secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=547515secalert@redhat.com
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/64820secalert@redhat.com
N/A
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978af854a3a-2127-422b-91ae-364da2661108
Patch
http://bugs.gentoo.org/show_bug.cgi?id=346501af854a3a-2127-422b-91ae-364da2661108
N/A
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=logaf854a3a-2127-422b-91ae-364da2661108
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072009.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
http://openwall.com/lists/oss-security/2010/11/21/1af854a3a-2127-422b-91ae-364da2661108
Patch
http://openwall.com/lists/oss-security/2010/11/22/1af854a3a-2127-422b-91ae-364da2661108
Patch
http://openwall.com/lists/oss-security/2010/11/22/12af854a3a-2127-422b-91ae-364da2661108
N/A
http://openwall.com/lists/oss-security/2010/11/22/3af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/42796af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://security.gentoo.org/glsa/glsa-201101-01.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:009af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/41801af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/3036af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0023af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0107af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=547515af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/64820af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=346501
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072009.html
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://openwall.com/lists/oss-security/2010/11/21/1
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://openwall.com/lists/oss-security/2010/11/22/1
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://openwall.com/lists/oss-security/2010/11/22/12
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://openwall.com/lists/oss-security/2010/11/22/3
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/42796
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-201101-01.xml
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:009
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/41801
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/3036
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0023
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0107
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=547515
Source: secalert@redhat.com
Resource:
Exploit
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/64820
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=346501
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072009.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://openwall.com/lists/oss-security/2010/11/21/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://openwall.com/lists/oss-security/2010/11/22/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://openwall.com/lists/oss-security/2010/11/22/12
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://openwall.com/lists/oss-security/2010/11/22/3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/42796
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-201101-01.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:009
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/41801
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/3036
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0023
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0107
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=547515
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/64820
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1972Records found
CVE-2017-17557
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-29.02% / 96.45%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 20:00
Updated-05 Aug, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdffoxit_readern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-17121
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.12%
||
7 Day CHG~0.00%
Published-04 Dec, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-16352
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-31.37% / 96.65%
||
7 Day CHG~0.00%
Published-01 Nov, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagick
Product-debian_linuxgraphicsmagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15753
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 49.88%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at BabaCAD4Image!ShowPlugInOptions+0x00000000000029c2."

Action-Not Available
Vendor-n/aIrfanView
Product-babacad4imageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15780
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.41%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285dad."

Action-Not Available
Vendor-n/aXnView (XnSoft)Microsoft Corporation
Product-xnviewwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-16739
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-1.09% / 77.55%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 20:00
Updated-05 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution.

Action-Not Available
Vendor-we-conn/a
Product-levistudio_hmi_editorlevistudio_hmi_editor_firmwareWECON Technology Co., Ltd. LeviStudio HMI Editor
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-16751
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.43%
||
7 Day CHG~0.00%
Published-15 Mar, 2018 | 23:00
Updated-05 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dpb files may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-n/aDelta Electronics, Inc.
Product-delta_industrial_automation_screen_editorDelta Electronics Delta Industrial Automation Screen Editor
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1063
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-21.91% / 95.62%
||
7 Day CHG~0.00%
Published-24 Mar, 2009 | 19:00
Updated-07 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers to execute arbitrary code via a crafted executable (.exe) file.

Action-Not Available
Vendor-brother_softn/a
Product-exescopen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.32%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an "Illegal Instruction Violation starting at xnview+0x0000000000370074."

Action-Not Available
Vendor-n/aXnView (XnSoft)Microsoft Corporation
Product-xnviewwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15757
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 49.88%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at BabaCAD4Image!ShowPlugInOptions+0x00000000000029ba."

Action-Not Available
Vendor-n/aIrfanView
Product-babacad4imageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15738
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 49.88%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADIMAGE+0x00000000003d22d8."

Action-Not Available
Vendor-n/aIrfanView
Product-cadimageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15782
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.32%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x00000000000032eb."

Action-Not Available
Vendor-n/aXnView (XnSoft)Microsoft Corporation
Product-xnviewwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15742
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 49.88%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADIMAGE+0x00000000003d2328."

Action-Not Available
Vendor-n/aIrfanView
Product-cadimageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15764
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.61%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001e6b0."

Action-Not Available
Vendor-n/aIrfanView
Product-babacad4imageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15739
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.77%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at CADIMAGE+0x00000000000042d5."

Action-Not Available
Vendor-n/aIrfanView
Product-cadimageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15778
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.41%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285de7."

Action-Not Available
Vendor-n/aXnView (XnSoft)Microsoft Corporation
Product-xnviewwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15751
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 49.88%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at BabaCAD4Image!ShowPlugInOptions+0x0000000000009f39."

Action-Not Available
Vendor-n/aIrfanView
Product-babacad4imageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15773
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.41%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285d79."

Action-Not Available
Vendor-n/aXnView (XnSoft)Microsoft Corporation
Product-xnviewwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15775
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.41%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000259aa4."

Action-Not Available
Vendor-n/aXnView (XnSoft)Microsoft Corporation
Product-xnviewwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15802
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.41%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087."

Action-Not Available
Vendor-n/aXnView (XnSoft)Microsoft Corporation
Product-xnviewwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15765
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.61%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at CADIMAGE+0x00000000003e9462."

Action-Not Available
Vendor-n/aIrfanView
Product-cadimageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15756
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.77%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000004d7c4."

Action-Not Available
Vendor-n/aIrfanView
Product-babacad4imageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15760
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.91%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001ce82."

Action-Not Available
Vendor-n/aIrfanView
Product-babacad4imageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15789
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.32%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x00000000000048e7."

Action-Not Available
Vendor-n/aXnView (XnSoft)Microsoft Corporation
Product-xnviewwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15747
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.77%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x0000700b00260112 called from CADIMAGE+0x00000000003d35ad."

Action-Not Available
Vendor-n/aIrfanView
Product-cadimageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15776
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.41%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285ec1."

Action-Not Available
Vendor-n/aXnView (XnSoft)Microsoft Corporation
Product-xnviewwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15759
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.77%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001b3f3."

Action-Not Available
Vendor-n/aIrfanView
Product-babacad4imageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15777
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.32%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at CADImage+0x0000000000288750."

Action-Not Available
Vendor-n/aXnView (XnSoft)Microsoft Corporation
Product-xnviewwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.77%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x0000000000013968."

Action-Not Available
Vendor-n/aIrfanView
Product-babacad4imageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-16669
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.13% / 77.97%
||
7 Day CHG~0.00%
Published-09 Nov, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagick
Product-debian_linuxgraphicsmagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-16793
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.18%
||
7 Day CHG~0.00%
Published-12 Nov, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-16796
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.53%
||
7 Day CHG~0.00%
Published-12 Nov, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15768
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.61%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView version 4.50 - 64bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to "Data from Faulting Address controls Branch Selection starting at image000007f7_42060000+0x0000000000094113."

Action-Not Available
Vendor-n/aIrfanView
Product-irfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15749
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 49.88%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x00000000000348b9."

Action-Not Available
Vendor-n/aIrfanView
Product-cadimageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15737
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 49.88%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADIMAGE+0x00000000003d246f."

Action-Not Available
Vendor-n/aIrfanView
Product-cadimageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15781
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.32%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Read Access Violation on Control Flow starting at CADImage+0x0000000000286a76."

Action-Not Available
Vendor-n/aXnView (XnSoft)Microsoft Corporation
Product-xnviewwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15783
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.41%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000285ce1."

Action-Not Available
Vendor-n/aXnView (XnSoft)Microsoft Corporation
Product-xnviewwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15762
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.91%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001f31b."

Action-Not Available
Vendor-n/aIrfanView
Product-babacad4imageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15779
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.32%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at CADImage+0x00000000000034b0."

Action-Not Available
Vendor-n/aXnView (XnSoft)Microsoft Corporation
Product-xnviewwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15740
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.77%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls Code Flow starting at CADIMAGE+0x000000000033228e."

Action-Not Available
Vendor-n/aIrfanView
Product-cadimageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-16827
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.67%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15743
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 49.88%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address may be used as a return value starting at CADIMAGE+0x00000000003d24a0."

Action-Not Available
Vendor-n/aIrfanView
Product-cadimageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15774
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.32%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls Code Flow starting at CADImage+0x0000000000221a9a."

Action-Not Available
Vendor-n/aXnView (XnSoft)Microsoft Corporation
Product-xnviewwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15787
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.32%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation starting at xnview+0x0000000000580063."

Action-Not Available
Vendor-n/aXnView (XnSoft)Microsoft Corporation
Product-xnviewwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15785
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.32%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation near NULL starting at Unknown Symbol @ 0x0000000000000000 called from CADImage+0x0000000000286a79."

Action-Not Available
Vendor-n/aXnView (XnSoft)Microsoft Corporation
Product-xnviewwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15748
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.77%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADIMAGE+0x000000000000613a."

Action-Not Available
Vendor-n/aIrfanView
Product-cadimageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15763
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.91%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001eca0."

Action-Not Available
Vendor-n/aIrfanView
Product-babacad4imageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15755
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 49.88%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at verifier!AVrfpDphFindBusyMemoryNoCheck+0x0000000000000091."

Action-Not Available
Vendor-n/aIrfanView
Product-babacad4imageirfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-16357
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.77%
||
7 Day CHG~0.00%
Published-01 Nov, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15769
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.61%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.50 - 64bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dds file, related to "Read Access Violation starting at FORMATS!ReadBLP_W+0x0000000000001b22."

Action-Not Available
Vendor-n/aIrfanView
Product-irfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 39
  • 40
  • Next
Details not found