Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-1552

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-31 Mar, 2011 | 23:00
Updated At-06 Aug, 2024 | 22:28
Rejected At-
Credits

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:31 Mar, 2011 | 23:00
Updated At:06 Aug, 2024 | 22:28
Rejected At:
▼CVE Numbering Authority (CNA)

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/43823
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/48985
third-party-advisory
x_refsource_SECUNIA
http://securityreason.com/securityalert/8171
third-party-advisory
x_refsource_SREASON
http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2011/0728
vdb-entry
x_refsource_VUPEN
http://rhn.redhat.com/errata/RHSA-2012-1201.html
vendor-advisory
x_refsource_REDHAT
http://www.foolabs.com/xpdf/download.html
x_refsource_CONFIRM
http://www.toucan-system.com/advisories/tssa-2011-01.txt
x_refsource_MISC
http://www.kb.cert.org/vuls/id/376500
third-party-advisory
x_refsource_CERT-VN
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
vendor-advisory
x_refsource_MANDRIVA
https://security.gentoo.org/glsa/201701-57
vendor-advisory
x_refsource_GENTOO
http://securitytracker.com/id?1025266
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/archive/1/517205/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/43823
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/48985
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://securityreason.com/securityalert/8171
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2011/0728
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1201.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.foolabs.com/xpdf/download.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.toucan-system.com/advisories/tssa-2011-01.txt
Resource:
x_refsource_MISC
Hyperlink: http://www.kb.cert.org/vuls/id/376500
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: https://security.gentoo.org/glsa/201701-57
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://securitytracker.com/id?1025266
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/archive/1/517205/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/43823
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/48985
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://securityreason.com/securityalert/8171
third-party-advisory
x_refsource_SREASON
x_transferred
http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2011/0728
vdb-entry
x_refsource_VUPEN
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-1201.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.foolabs.com/xpdf/download.html
x_refsource_CONFIRM
x_transferred
http://www.toucan-system.com/advisories/tssa-2011-01.txt
x_refsource_MISC
x_transferred
http://www.kb.cert.org/vuls/id/376500
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
vendor-advisory
x_refsource_MANDRIVA
x_transferred
https://security.gentoo.org/glsa/201701-57
vendor-advisory
x_refsource_GENTOO
x_transferred
http://securitytracker.com/id?1025266
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/archive/1/517205/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/43823
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/48985
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://securityreason.com/securityalert/8171
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0728
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1201.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.foolabs.com/xpdf/download.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.toucan-system.com/advisories/tssa-2011-01.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/376500
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201701-57
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://securitytracker.com/id?1025266
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/517205/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:31 Mar, 2011 | 23:55
Updated At:11 Apr, 2025 | 00:51

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
t1lib
t1lib
>>t1lib>>Versions up to 5.1.2(inclusive)
cpe:2.3:a:t1lib:t1lib:*:*:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>0.1
cpe:2.3:a:t1lib:t1lib:0.1:alpha:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>0.2
cpe:2.3:a:t1lib:t1lib:0.2:beta:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>0.3
cpe:2.3:a:t1lib:t1lib:0.3:beta:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>0.4
cpe:2.3:a:t1lib:t1lib:0.4:beta:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>0.5
cpe:2.3:a:t1lib:t1lib:0.5:beta:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>0.6
cpe:2.3:a:t1lib:t1lib:0.6:beta:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>0.7
cpe:2.3:a:t1lib:t1lib:0.7:beta:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>0.8
cpe:2.3:a:t1lib:t1lib:0.8:beta:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>0.9
cpe:2.3:a:t1lib:t1lib:0.9:*:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>0.9.1
cpe:2.3:a:t1lib:t1lib:0.9.1:*:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>0.9.2
cpe:2.3:a:t1lib:t1lib:0.9.2:*:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>1.0
cpe:2.3:a:t1lib:t1lib:1.0:*:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>1.0.1
cpe:2.3:a:t1lib:t1lib:1.0.1:*:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>1.1.0
cpe:2.3:a:t1lib:t1lib:1.1.0:*:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>1.1.1
cpe:2.3:a:t1lib:t1lib:1.1.1:*:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>1.2
cpe:2.3:a:t1lib:t1lib:1.2:*:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>1.3
cpe:2.3:a:t1lib:t1lib:1.3:*:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>1.3.1
cpe:2.3:a:t1lib:t1lib:1.3.1:*:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>5.0.0
cpe:2.3:a:t1lib:t1lib:5.0.0:*:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>5.0.1
cpe:2.3:a:t1lib:t1lib:5.0.1:*:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>5.0.2
cpe:2.3:a:t1lib:t1lib:5.0.2:*:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>5.1.0
cpe:2.3:a:t1lib:t1lib:5.1.0:*:*:*:*:*:*:*
t1lib
t1lib
>>t1lib>>5.1.1
cpe:2.3:a:t1lib:t1lib:5.1.1:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>0.5a
cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>0.7a
cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>0.91a
cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>0.91b
cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>0.91c
cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>0.92a
cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>0.92b
cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>0.92c
cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>0.92d
cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>0.92e
cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>0.93a
cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>0.93b
cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>0.93c
cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>1.00a
cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>3.0.1
cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>3.02pl1
cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>3.02pl2
cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>3.02pl3
cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
foolabs
foolabs
>>xpdf>>3.02pl4
cpe:2.3:a:foolabs:xpdf:3.02pl4:*:*:*:*:*:*:*
glyphandcog
glyphandcog
>>xpdfreader>>Versions up to 3.02(inclusive)
cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*
glyphandcog
glyphandcog
>>xpdfreader>>0.2
cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*
glyphandcog
glyphandcog
>>xpdfreader>>0.3
cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*
glyphandcog
glyphandcog
>>xpdfreader>>0.4
cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*
glyphandcog
glyphandcog
>>xpdfreader>>0.5
cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*
glyphandcog
glyphandcog
>>xpdfreader>>0.6
cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*
glyphandcog
glyphandcog
>>xpdfreader>>0.7
cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://rhn.redhat.com/errata/RHSA-2012-1201.htmlcve@mitre.org
N/A
http://secunia.com/advisories/43823cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/48985cve@mitre.org
N/A
http://securityreason.com/securityalert/8171cve@mitre.org
N/A
http://securitytracker.com/id?1025266cve@mitre.org
N/A
http://www.foolabs.com/xpdf/download.htmlcve@mitre.org
Patch
http://www.kb.cert.org/vuls/id/376500cve@mitre.org
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8ECL8Xcve@mitre.org
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/517205/100/0/threadedcve@mitre.org
N/A
http://www.toucan-system.com/advisories/tssa-2011-01.txtcve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0728cve@mitre.org
Vendor Advisory
https://security.gentoo.org/glsa/201701-57cve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2012-1201.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/43823af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/48985af854a3a-2127-422b-91ae-364da2661108
N/A
http://securityreason.com/securityalert/8171af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1025266af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.foolabs.com/xpdf/download.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
http://www.kb.cert.org/vuls/id/376500af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8ECL8Xaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/517205/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.toucan-system.com/advisories/tssa-2011-01.txtaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0728af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://security.gentoo.org/glsa/201701-57af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1201.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/43823
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/48985
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/8171
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1025266
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.foolabs.com/xpdf/download.html
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.kb.cert.org/vuls/id/376500
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/517205/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.toucan-system.com/advisories/tssa-2011-01.txt
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0728
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/201701-57
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1201.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/43823
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/48985
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/8171
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1025266
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.foolabs.com/xpdf/download.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.kb.cert.org/vuls/id/376500
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/517205/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.toucan-system.com/advisories/tssa-2011-01.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0728
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/201701-57
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

531Records found
CVE-2017-1000186
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.41%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SWFTools, a stack overflow was found in pdf2swf.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-1420
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 18.30%
||
7 Day CHG~0.00%
Published-21 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Out-of-range Pointer Offset in vim/vim

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.

Action-Not Available
Vendor-Fedora ProjectVimApple Inc.
Product-fedoramacosvimvim/vim
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-1000185
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.22%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SWFTools, a memcpy buffer overflow was found in gif2swf.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-0689
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.61%
||
7 Day CHG~0.00%
Published-06 Jul, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2017-1000187
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 40.36%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9432
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.65% / 69.93%
||
7 Day CHG~0.00%
Published-12 Dec, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (memory corruption, segmentation fault, and crash) via a crafted HTML page.

Action-Not Available
Vendor-tatsn/a
Product-w3mn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9556
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.48%
||
7 Day CHG-0.03%
Published-23 Mar, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.

Action-Not Available
Vendor-n/aopenSUSEDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuxleapimagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9627
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.64% / 69.68%
||
7 Day CHG~0.00%
Published-12 Dec, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page.

Action-Not Available
Vendor-tatsn/a
Product-w3mn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9439
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 68.80%
||
7 Day CHG~0.00%
Published-12 Dec, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.

Action-Not Available
Vendor-tatsn/a
Product-w3mn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9264
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 46.84%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.

Action-Not Available
Vendor-libmingn/a
Product-libmingn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9298
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 47.45%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9601
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.43% / 61.73%
||
7 Day CHG~0.00%
Published-23 Apr, 2018 | 21:00
Updated-06 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.

Action-Not Available
Vendor-unspecifiedDebian GNU/LinuxArtifex Software Inc.
Product-jbig2decdebian_linuxgpl_ghostscriptghostscript
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9431
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.65% / 69.82%
||
7 Day CHG~0.00%
Published-12 Dec, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.

Action-Not Available
Vendor-tatsn/a
Product-w3mn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9773
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.47% / 63.69%
||
7 Day CHG~0.00%
Published-16 Feb, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-11578
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 51.43%
||
7 Day CHG~0.00%
Published-31 May, 2018 | 00:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault.

Action-Not Available
Vendor-miniupnp_projectn/a
Product-ngiflibn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-8685
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 47.19%
||
7 Day CHG~0.00%
Published-31 Jan, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image.

Action-Not Available
Vendor-potrace_projectn/a
Product-potracen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9115
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 58.27%
||
7 Day CHG~0.00%
Published-30 Oct, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

Action-Not Available
Vendor-uclouvainn/a
Product-openjpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-8030
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.45%
||
7 Day CHG~0.00%
Published-25 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link.

Action-Not Available
Vendor-McAfee, LLC
Product-virusscan_enterpriseVirusScan Enterprise
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-7179
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.33% / 55.27%
||
7 Day CHG~0.00%
Published-09 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-6832
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.36% / 57.57%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing.

Action-Not Available
Vendor-libavn/a
Product-libavn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-7562
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.63% / 69.47%
||
7 Day CHG~0.00%
Published-23 Dec, 2016 | 05:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-7176
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.31% / 53.48%
||
7 Day CHG~0.00%
Published-09 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5359
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 40.27%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5317
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 68.83%
||
7 Day CHG~0.00%
Published-20 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.

Action-Not Available
Vendor-n/aopenSUSELibTIFF
Product-opensuselibtiffleapn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5321
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 39.06%
||
7 Day CHG~0.00%
Published-20 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.

Action-Not Available
Vendor-n/aopenSUSELibTIFF
Product-opensuselibtiffn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-6207
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-5.02% / 89.32%
||
7 Day CHG~0.00%
Published-12 Aug, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.

Action-Not Available
Vendor-libgdn/aThe PHP GroupDebian GNU/LinuxopenSUSE
Product-libgddebian_linuxleapphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-6416
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.89% / 74.56%
||
7 Day CHG~0.00%
Published-05 Oct, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-web_security_applianceemail_security_appliancecontent_security_management_appliancen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5319
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.20% / 78.11%
||
7 Day CHG~0.00%
Published-20 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5315
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.55% / 80.70%
||
7 Day CHG~0.00%
Published-21 Feb, 2018 | 16:00
Updated-06 Aug, 2024 | 06:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.

Action-Not Available
Vendor-w1.fin/aDebian GNU/Linux
Product-wpa_supplicantdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4528
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5||MEDIUM
EPSS-0.14% / 34.78%
||
7 Day CHG~0.00%
Published-25 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccessn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4796
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.58%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.

Action-Not Available
Vendor-uclouvainn/aFedora Project
Product-fedoraopenjpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4663
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.25%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4415
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.39% / 59.01%
||
7 Day CHG~0.00%
Published-01 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4417
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 44.20%
||
7 Day CHG~0.00%
Published-01 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4416
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-01 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5314
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.55% / 80.70%
||
7 Day CHG~0.00%
Published-21 Feb, 2018 | 16:00
Updated-06 Aug, 2024 | 06:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.

Action-Not Available
Vendor-w1.fin/aDebian GNU/Linux
Product-wpa_supplicantdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4079
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.23% / 45.50%
||
7 Day CHG~0.00%
Published-25 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxOracle Corporation
Product-wiresharkdebian_linuxsolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3182
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.57% / 67.62%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 00:03
Updated-05 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file.

Action-Not Available
Vendor-uclouvainn/a
Product-openjpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3941
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.31% / 53.35%
||
7 Day CHG~0.00%
Published-18 Apr, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."

Action-Not Available
Vendor-n/aVideoLANCanonical Ltd.
Product-vlc_media_playerubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3977
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.84% / 73.71%
||
7 Day CHG-0.14%
Published-21 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.

Action-Not Available
Vendor-giflib_projectn/aopenSUSE
Product-opensusegiflibn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4080
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.36% / 57.22%
||
7 Day CHG~0.00%
Published-25 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2531
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.43% / 79.85%
||
7 Day CHG~0.00%
Published-28 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1688
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-4.87% / 89.15%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverv8leapopensuseubuntu_linuxenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2213
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 70.71%
||
7 Day CHG~0.00%
Published-03 Feb, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-46333
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 21:14
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moddable SDK v11.5.0 was discovered to contain an invalid memory access vulnerability via the component __asan_memmove.

Action-Not Available
Vendor-moddablen/a
Product-moddable_sdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2541
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.86% / 74.10%
||
7 Day CHG~0.00%
Published-07 Feb, 2018 | 17:00
Updated-05 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file.

Action-Not Available
Vendor-audacityteamn/a
Product-audacityn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.51% / 80.42%
||
7 Day CHG~0.00%
Published-12 Feb, 2016 | 15:26
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)Debian GNU/LinuxCanonical Ltd.
Product-libxml2debian_linuxubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1685
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.45% / 79.99%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverleapopensuseenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1686
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.45% / 79.99%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverleapopensuseenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2037
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-19.45% / 95.17%
||
7 Day CHG~0.00%
Published-22 Feb, 2016 | 15:05
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGNU
Product-debian_linuxcpion/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 10
  • 11
  • Next
Details not found