Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-4008

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-16 Nov, 2010 | 23:00
Updated At-07 Aug, 2024 | 03:26
Rejected At-
Credits

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:16 Nov, 2010 | 23:00
Updated At:07 Aug, 2024 | 03:26
Rejected At:
â–¼CVE Numbering Authority (CNA)

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/40775
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/42175
third-party-advisory
x_refsource_SECUNIA
http://mail.gnome.org/archives/xml/2010-November/msg00015.html
mailing-list
x_refsource_MLIST
http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=130331363227777&w=2
vendor-advisory
x_refsource_HP
http://www.securityfocus.com/bid/44779
vdb-entry
x_refsource_BID
http://www.vupen.com/english/advisories/2011/0230
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/3046
vdb-entry
x_refsource_VUPEN
http://rhn.redhat.com/errata/RHSA-2013-0217.html
vendor-advisory
x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1016-1
vendor-advisory
x_refsource_UBUNTU
http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/
x_refsource_MISC
http://secunia.com/advisories/42109
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT4566
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
vendor-advisory
x_refsource_SUSE
http://www.redhat.com/support/errata/RHSA-2011-1749.html
vendor-advisory
x_refsource_REDHAT
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
vendor-advisory
x_refsource_APPLE
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
vendor-advisory
x_refsource_APPLE
http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/3100
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/42314
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT4554
x_refsource_CONFIRM
http://www.debian.org/security/2010/dsa-2128
vendor-advisory
x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2010:243
vendor-advisory
x_refsource_MANDRIVA
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
vendor-advisory
x_refsource_APPLE
http://marc.info/?l=bugtraq&m=130331363227777&w=2
vendor-advisory
x_refsource_HP
http://www.vupen.com/english/advisories/2010/3076
vdb-entry
x_refsource_VUPEN
http://support.apple.com/kb/HT4456
x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148
vdb-entry
signature
x_refsource_OVAL
http://code.google.com/p/chromium/issues/detail?id=58731
x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=139447903326211&w=2
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/42429
third-party-advisory
x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
vendor-advisory
x_refsource_APPLE
http://support.apple.com/kb/HT4581
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/40775
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/42175
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://mail.gnome.org/archives/xml/2010-November/msg00015.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://marc.info/?l=bugtraq&m=130331363227777&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.securityfocus.com/bid/44779
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.vupen.com/english/advisories/2011/0230
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2010/3046
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0217.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.ubuntu.com/usn/USN-1016-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/42109
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://support.apple.com/kb/HT4566
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1749.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2010/3100
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/42314
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://support.apple.com/kb/HT4554
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2010/dsa-2128
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:243
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://marc.info/?l=bugtraq&m=130331363227777&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.vupen.com/english/advisories/2010/3076
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://support.apple.com/kb/HT4456
Resource:
x_refsource_CONFIRM
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=58731
Resource:
x_refsource_CONFIRM
Hyperlink: http://marc.info/?l=bugtraq&m=139447903326211&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/42429
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://support.apple.com/kb/HT4581
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/40775
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/42175
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://mail.gnome.org/archives/xml/2010-November/msg00015.html
mailing-list
x_refsource_MLIST
x_transferred
http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
x_refsource_CONFIRM
x_transferred
http://marc.info/?l=bugtraq&m=130331363227777&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.securityfocus.com/bid/44779
vdb-entry
x_refsource_BID
x_transferred
http://www.vupen.com/english/advisories/2011/0230
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2010/3046
vdb-entry
x_refsource_VUPEN
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0217.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.ubuntu.com/usn/USN-1016-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/
x_refsource_MISC
x_transferred
http://secunia.com/advisories/42109
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://support.apple.com/kb/HT4566
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-1749.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2010/3100
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/42314
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://support.apple.com/kb/HT4554
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2010/dsa-2128
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2010:243
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://marc.info/?l=bugtraq&m=130331363227777&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.vupen.com/english/advisories/2010/3076
vdb-entry
x_refsource_VUPEN
x_transferred
http://support.apple.com/kb/HT4456
x_refsource_CONFIRM
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://code.google.com/p/chromium/issues/detail?id=58731
x_refsource_CONFIRM
x_transferred
http://marc.info/?l=bugtraq&m=139447903326211&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/42429
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://support.apple.com/kb/HT4581
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/40775
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/42175
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://mail.gnome.org/archives/xml/2010-November/msg00015.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=130331363227777&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.securityfocus.com/bid/44779
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0230
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/3046
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0217.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1016-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/42109
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://support.apple.com/kb/HT4566
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1749.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/3100
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/42314
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://support.apple.com/kb/HT4554
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2010/dsa-2128
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:243
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=130331363227777&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/3076
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://support.apple.com/kb/HT4456
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=58731
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=139447903326211&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/42429
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://support.apple.com/kb/HT4581
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:17 Nov, 2010 | 01:00
Updated At:11 Apr, 2025 | 00:51

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
Google LLC
google
>>chrome>>Versions before 7.0.517.44(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>itunes>>Versions before 10.2(exclusive)
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>Versions before 5.0.4(exclusive)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions before 4.2(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>Versions before 10.6.7(exclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
libxml2 (XMLSoft)
xmlsoft
>>libxml2>>Versions before 2.7.8(exclusive)
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>5.0
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>6.0
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.06
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.04
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>9.10
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>10.04
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>10.10
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_eus>>6.3
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.3:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>11.1
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>11.2
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>11.3
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux_enterprise_server>>10
cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp3:*:*:*:*:*:*
SUSE
suse
>>suse_linux_enterprise_server>>11
cpe:2.3:o:suse:suse_linux_enterprise_server:11:-:*:*:*:*:*:*
SUSE
suse
>>suse_linux_enterprise_server>>11
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:*:*:*
The Apache Software Foundation
apache
>>openoffice>>Versions from 2.0.0(inclusive) to 2.4.3(inclusive)
cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>openoffice>>Versions from 3.0.0(inclusive) to 3.3.0(exclusive)
cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/product-security@apple.com
Broken Link
http://code.google.com/p/chromium/issues/detail?id=58731product-security@apple.com
Exploit
Issue Tracking
Patch
Vendor Advisory
http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.htmlproduct-security@apple.com
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlproduct-security@apple.com
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.htmlproduct-security@apple.com
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.htmlproduct-security@apple.com
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.htmlproduct-security@apple.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.htmlproduct-security@apple.com
Mailing List
Third Party Advisory
http://mail.gnome.org/archives/xml/2010-November/msg00015.htmlproduct-security@apple.com
Mailing List
Release Notes
Vendor Advisory
http://marc.info/?l=bugtraq&m=130331363227777&w=2product-security@apple.com
Third Party Advisory
http://marc.info/?l=bugtraq&m=130331363227777&w=2product-security@apple.com
Third Party Advisory
http://marc.info/?l=bugtraq&m=139447903326211&w=2product-security@apple.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0217.htmlproduct-security@apple.com
Third Party Advisory
http://secunia.com/advisories/40775product-security@apple.com
Third Party Advisory
http://secunia.com/advisories/42109product-security@apple.com
Third Party Advisory
Vendor Advisory
http://secunia.com/advisories/42175product-security@apple.com
Third Party Advisory
Vendor Advisory
http://secunia.com/advisories/42314product-security@apple.com
Third Party Advisory
http://secunia.com/advisories/42429product-security@apple.com
Third Party Advisory
http://support.apple.com/kb/HT4456product-security@apple.com
Third Party Advisory
http://support.apple.com/kb/HT4554product-security@apple.com
Third Party Advisory
http://support.apple.com/kb/HT4566product-security@apple.com
Third Party Advisory
http://support.apple.com/kb/HT4581product-security@apple.com
Third Party Advisory
http://www.debian.org/security/2010/dsa-2128product-security@apple.com
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:243product-security@apple.com
Third Party Advisory
http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.htmlproduct-security@apple.com
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1749.htmlproduct-security@apple.com
Third Party Advisory
http://www.securityfocus.com/bid/44779product-security@apple.com
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1016-1product-security@apple.com
Third Party Advisory
http://www.vupen.com/english/advisories/2010/3046product-security@apple.com
Permissions Required
http://www.vupen.com/english/advisories/2010/3076product-security@apple.com
Permissions Required
http://www.vupen.com/english/advisories/2010/3100product-security@apple.com
Permissions Required
http://www.vupen.com/english/advisories/2011/0230product-security@apple.com
Permissions Required
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148product-security@apple.com
Third Party Advisory
http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://code.google.com/p/chromium/issues/detail?id=58731af854a3a-2127-422b-91ae-364da2661108
Exploit
Issue Tracking
Patch
Vendor Advisory
http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://mail.gnome.org/archives/xml/2010-November/msg00015.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Release Notes
Vendor Advisory
http://marc.info/?l=bugtraq&m=130331363227777&w=2af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://marc.info/?l=bugtraq&m=130331363227777&w=2af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://marc.info/?l=bugtraq&m=139447903326211&w=2af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0217.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/40775af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/42109af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Vendor Advisory
http://secunia.com/advisories/42175af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Vendor Advisory
http://secunia.com/advisories/42314af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/42429af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT4456af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT4554af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT4566af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT4581af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2010/dsa-2128af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:243af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1749.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/44779af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1016-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2010/3046af854a3a-2127-422b-91ae-364da2661108
Permissions Required
http://www.vupen.com/english/advisories/2010/3076af854a3a-2127-422b-91ae-364da2661108
Permissions Required
http://www.vupen.com/english/advisories/2010/3100af854a3a-2127-422b-91ae-364da2661108
Permissions Required
http://www.vupen.com/english/advisories/2011/0230af854a3a-2127-422b-91ae-364da2661108
Permissions Required
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/
Source: product-security@apple.com
Resource:
Broken Link
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=58731
Source: product-security@apple.com
Resource:
Exploit
Issue Tracking
Patch
Vendor Advisory
Hyperlink: http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://mail.gnome.org/archives/xml/2010-November/msg00015.html
Source: product-security@apple.com
Resource:
Mailing List
Release Notes
Vendor Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=130331363227777&w=2
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=130331363227777&w=2
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=139447903326211&w=2
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0217.html
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/40775
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/42109
Source: product-security@apple.com
Resource:
Third Party Advisory
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42175
Source: product-security@apple.com
Resource:
Third Party Advisory
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42314
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/42429
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT4456
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT4554
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT4566
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT4581
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2010/dsa-2128
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:243
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1749.html
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/44779
Source: product-security@apple.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-1016-1
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/3046
Source: product-security@apple.com
Resource:
Permissions Required
Hyperlink: http://www.vupen.com/english/advisories/2010/3076
Source: product-security@apple.com
Resource:
Permissions Required
Hyperlink: http://www.vupen.com/english/advisories/2010/3100
Source: product-security@apple.com
Resource:
Permissions Required
Hyperlink: http://www.vupen.com/english/advisories/2011/0230
Source: product-security@apple.com
Resource:
Permissions Required
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=58731
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Issue Tracking
Patch
Vendor Advisory
Hyperlink: http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://mail.gnome.org/archives/xml/2010-November/msg00015.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Release Notes
Vendor Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=130331363227777&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=130331363227777&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=139447903326211&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0217.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/40775
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/42109
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42175
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42314
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/42429
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT4456
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT4554
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT4566
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT4581
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2010/dsa-2128
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:243
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1749.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/44779
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-1016-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/3046
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: http://www.vupen.com/english/advisories/2010/3076
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: http://www.vupen.com/english/advisories/2010/3100
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: http://www.vupen.com/english/advisories/2011/0230
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

5567Records found
CVE-2017-6009
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.28% / 50.97%
||
7 Day CHG~0.00%
Published-16 Feb, 2017 | 11:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.

Action-Not Available
Vendor-icoutils_projectn/aRed Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationicoutilsenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_linux_server_ausn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6010
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 57.23%
||
7 Day CHG~0.00%
Published-16 Feb, 2017 | 11:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.

Action-Not Available
Vendor-icoutils_projectn/aRed Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationicoutilsenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_linux_server_ausn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5025
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 57.22%
||
7 Day CHG~0.00%
Published-17 Feb, 2017 | 07:45
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromeGoogle Chrome prior to 56.0.2924.76 for Linux, Windows and Mac
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5024
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 42.13%
||
7 Day CHG~0.00%
Published-17 Feb, 2017 | 07:45
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromeGoogle Chrome prior to 56.0.2924.76 for Linux, Windows and Mac
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4273
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.87% / 74.71%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudiOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-2668
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-7.61% / 91.66%
||
7 Day CHG~0.00%
Published-22 Jun, 2018 | 13:00
Updated-05 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.Fedora Project
Product-enterprise_linux_serverenterprise_linux_desktopenterprise_linux_workstation389_directory_server389-ds-base
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2012-5157
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.80% / 73.69%
||
7 Day CHG~0.00%
Published-15 Jan, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2104
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-2.03% / 83.47%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15370
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.80% / 73.69%
||
7 Day CHG~0.00%
Published-16 Oct, 2017 | 04:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

Action-Not Available
Vendor-n/aSoX - Sound eXchangeDebian GNU/Linux
Product-debian_linuxsound_exchangen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15372
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.62% / 69.41%
||
7 Day CHG~0.00%
Published-16 Oct, 2017 | 04:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

Action-Not Available
Vendor-n/aSoX - Sound eXchangeDebian GNU/Linux
Product-debian_linuxsound_exchangen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15954
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.31% / 53.53%
||
7 Day CHG~0.00%
Published-28 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.

Action-Not Available
Vendor-bchunk_projectn/aDebian GNU/Linux
Product-debian_linuxbchunkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15953
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 49.81%
||
7 Day CHG~0.00%
Published-28 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file.

Action-Not Available
Vendor-bchunk_projectn/aDebian GNU/Linux
Product-debian_linuxbchunkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14859
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 30.61%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Action-Not Available
Vendor-n/aCanonical Ltd.Exiv2Debian GNU/Linux
Product-ubuntu_linuxexiv2debian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-2270
Matching Score-10
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-10
Assigner-Debian GNU/Linux
CVSS Score-4.3||MEDIUM
EPSS-32.94% / 96.77%
||
7 Day CHG~0.00%
Published-14 Mar, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

Action-Not Available
Vendor-file_projectn/aopenSUSEThe PHP GroupDebian GNU/LinuxCanonical Ltd.
Product-opensuseubuntu_linuxfilephpdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14864
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 30.61%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Action-Not Available
Vendor-n/aCanonical Ltd.Exiv2Debian GNU/Linux
Product-ubuntu_linuxexiv2debian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14862
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 30.61%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Action-Not Available
Vendor-n/aCanonical Ltd.Exiv2Debian GNU/Linux
Product-ubuntu_linuxexiv2debian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-13760
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.88%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a.

Action-Not Available
Vendor-sleuthkitn/aDebian GNU/Linux
Product-debian_linuxthe_sleuth_kitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-13064
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.70% / 81.94%
||
7 Day CHG~0.00%
Published-22 Aug, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagick
Product-debian_linuxgraphicsmagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-13063
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.54% / 81.01%
||
7 Day CHG~0.00%
Published-22 Aug, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagick
Product-debian_linuxgraphicsmagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-17811
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 40.90%
||
7 Day CHG~0.00%
Published-21 Dec, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.

Action-Not Available
Vendor-nasmn/aCanonical Ltd.
Product-ubuntu_linuxnetwide_assemblern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-17760
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.54% / 81.01%
||
7 Day CHG~0.00%
Published-29 Dec, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.

Action-Not Available
Vendor-opencvn/aDebian GNU/Linux
Product-debian_linuxopencvn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-4489
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.76% / 72.96%
||
7 Day CHG~0.00%
Published-07 Dec, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15396
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.79% / 82.41%
||
7 Day CHG~0.00%
Published-28 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-icu-projectn/aRed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationinternational_components_for_unicodeenterprise_linux_desktopGoogle Chrome prior to 62.0.3202.75 unknown
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9601
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.45% / 63.14%
||
7 Day CHG~0.00%
Published-23 Apr, 2018 | 21:00
Updated-06 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.

Action-Not Available
Vendor-unspecifiedDebian GNU/LinuxArtifex Software Inc.
Product-jbig2decdebian_linuxgpl_ghostscriptghostscript
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9556
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.30% / 52.73%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.

Action-Not Available
Vendor-n/aopenSUSEDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuxleapimagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-35522
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.26%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 19:16
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.

Action-Not Available
Vendor-n/aNetApp, Inc.Red Hat, Inc.Fedora ProjectLibTIFF
Product-ontap_select_deploy_administration_utilitylibtifffedoraenterprise_linuxlibtiff
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-16644
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.07%
||
7 Day CHG~0.00%
Published-06 Sep, 2018 | 22:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-35521
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 28.43%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 19:16
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.

Action-Not Available
Vendor-n/aNetApp, Inc.Red Hat, Inc.Fedora ProjectLibTIFF
Product-ontap_select_deploy_administration_utilitylibtiffenterprise_linuxfedoralibtiff
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-7179
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.68% / 71.06%
||
7 Day CHG~0.00%
Published-09 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-20053
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.36% / 57.97%
||
7 Day CHG~0.00%
Published-27 Dec, 2019 | 21:59
Updated-11 Apr, 2025 | 12:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

Action-Not Available
Vendor-upxn/aopenSUSE
Product-upxleapbackportsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5317
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 69.26%
||
7 Day CHG~0.00%
Published-20 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.

Action-Not Available
Vendor-n/aopenSUSELibTIFF
Product-opensuselibtiffleapn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4079
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.23% / 45.27%
||
7 Day CHG~0.00%
Published-25 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxOracle Corporation
Product-wiresharkdebian_linuxsolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0526
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-5.05% / 89.52%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not properly handled during decompression.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-18281
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.75% / 82.21%
||
7 Day CHG~0.00%
Published-23 Oct, 2019 | 14:03
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.

Action-Not Available
Vendor-qtn/aDebian GNU/Linux
Product-qtbasedebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1685
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.45% / 80.47%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverleapopensuseenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1686
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.45% / 80.47%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverleapopensuseenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1957
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.28%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationopenSUSENovell
Product-leapopensusefirefoxsuse_package_hub_for_suse_linux_enterprisethunderbirdlinuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1688
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-4.87% / 89.31%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverv8leapopensuseubuntu_linuxenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2414
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.41% / 80.23%
||
7 Day CHG~0.00%
Published-11 Aug, 2009 | 18:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)
Product-libxmllibxml2n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0023
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-14.79% / 94.34%
||
7 Day CHG~0.00%
Published-06 Jun, 2009 | 18:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-http_serverapr-utiln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2001
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.84% / 74.35%
||
7 Day CHG~0.00%
Published-28 Apr, 2008 | 18:21
Updated-07 Aug, 2024 | 08:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-15582
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.83%
||
7 Day CHG~0.00%
Published-07 Jul, 2020 | 13:23
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) software. The Bluetooth Low Energy (BLE) component has a buffer overflow with a resultant deadlock or crash. The Samsung ID is SVE-2020-16870 (July 2020).

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-androidexynos_7885n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0988
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.88% / 82.80%
||
7 Day CHG~0.00%
Published-20 Feb, 2007 | 17:00
Updated-07 Aug, 2024 | 12:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.

Action-Not Available
Vendor-n/aCanonical Ltd.The PHP Group
Product-ubuntu_linuxphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-1010302
Matching Score-10
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-10
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 26.48%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 17:07
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.

Action-Not Available
Vendor-jhead_projectjheadDebian GNU/LinuxFedora Project
Product-jheaddebian_linuxfedorajhead
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-13524
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-6.3||MEDIUM
EPSS-0.41% / 60.87%
||
7 Day CHG~0.00%
Published-03 Dec, 2020 | 17:03
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.

Action-Not Available
Vendor-pixarn/aApple Inc.
Product-macosmac_os_xopenusdPixar
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7874
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.55% / 67.44%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 18:00
Updated-16 Sep, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Action-Not Available
Vendor-libmingn/aDebian GNU/Linux
Product-libmingdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-7725
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 65.31%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 17:00
Updated-10 Jul, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.

Action-Not Available
Vendor-gdraheimn/aRed Hat, Inc.Canonical Ltd.
Product-enterprise_linux_serverubuntu_linuxzziplibenterprise_linux_workstationenterprise_linux_desktopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-6192
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.36% / 57.58%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 21:00
Updated-11 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxArtifex Software Inc.
Product-debian_linuxmupdfn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-6038
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.03% / 76.95%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-5335
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.86% / 74.69%
||
7 Day CHG~0.00%
Published-11 Jan, 2018 | 21:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 111
  • 112
  • Next
Details not found