Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-2021

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-13 May, 2013 | 23:00
Updated At-06 Aug, 2024 | 15:20
Rejected At-
Credits

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:13 May, 2013 | 23:00
Updated At:06 Aug, 2024 | 15:20
Rejected At:
▼CVE Numbering Authority (CNA)

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/53150
third-party-advisory
x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html
vendor-advisory
x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html
vendor-advisory
x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html
vendor-advisory
x_refsource_SUSE
http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html
x_refsource_CONFIRM
http://support.apple.com/kb/HT5892
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1816-1
vendor-advisory
x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html
vendor-advisory
x_refsource_SUSE
https://github.com/vrtadmin/clamav-devel/commit/24ff855c82d3f5c62bc5788a5776cefbffce2971
x_refsource_CONFIRM
http://secunia.com/advisories/53182
third-party-advisory
x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
vendor-advisory
x_refsource_APPLE
http://www.openwall.com/lists/oss-security/2013/04/29/20
mailing-list
x_refsource_MLIST
http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
vendor-advisory
x_refsource_APPLE
http://www.securityfocus.com/bid/59434
vdb-entry
x_refsource_BID
http://www.openwall.com/lists/oss-security/2013/04/25/2
mailing-list
x_refsource_MLIST
http://www.mandriva.com/security/advisories?name=MDVSA-2013:159
vendor-advisory
x_refsource_MANDRIVA
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html
vendor-advisory
x_refsource_FEDORA
https://bugzilla.clamav.net/show_bug.cgi?id=7053
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html
vendor-advisory
x_refsource_FEDORA
http://support.apple.com/kb/HT5880
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/53150
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://support.apple.com/kb/HT5892
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-1816-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://github.com/vrtadmin/clamav-devel/commit/24ff855c82d3f5c62bc5788a5776cefbffce2971
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/53182
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.openwall.com/lists/oss-security/2013/04/29/20
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.securityfocus.com/bid/59434
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.openwall.com/lists/oss-security/2013/04/25/2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:159
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://bugzilla.clamav.net/show_bug.cgi?id=7053
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://support.apple.com/kb/HT5880
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/53150
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html
x_refsource_CONFIRM
x_transferred
http://support.apple.com/kb/HT5892
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-1816-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://github.com/vrtadmin/clamav-devel/commit/24ff855c82d3f5c62bc5788a5776cefbffce2971
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/53182
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.openwall.com/lists/oss-security/2013/04/29/20
mailing-list
x_refsource_MLIST
x_transferred
http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.securityfocus.com/bid/59434
vdb-entry
x_refsource_BID
x_transferred
http://www.openwall.com/lists/oss-security/2013/04/25/2
mailing-list
x_refsource_MLIST
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2013:159
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://bugzilla.clamav.net/show_bug.cgi?id=7053
x_refsource_CONFIRM
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://support.apple.com/kb/HT5880
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/53150
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://support.apple.com/kb/HT5892
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1816-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://github.com/vrtadmin/clamav-devel/commit/24ff855c82d3f5c62bc5788a5776cefbffce2971
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/53182
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2013/04/29/20
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/59434
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2013/04/25/2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:159
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://bugzilla.clamav.net/show_bug.cgi?id=7053
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://support.apple.com/kb/HT5880
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:13 May, 2013 | 23:55
Updated At:11 Apr, 2025 | 00:51

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
Canonical Ltd.
canonical
>>ubuntu_linux>>10.04
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>11.10
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.10
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>13.04
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_server>>11.0
cpe:2.3:o:suse:linux_enterprise_server:11.0:sp1:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_server>>11.0
cpe:2.3:o:suse:linux_enterprise_server:11.0:sp2:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.97.1
cpe:2.3:a:clamav:clamav:0.97.1:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.97.2
cpe:2.3:a:clamav:clamav:0.97.2:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.97.3
cpe:2.3:a:clamav:clamav:0.97.3:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.97.4
cpe:2.3:a:clamav:clamav:0.97.4:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.97.5
cpe:2.3:a:clamav:clamav:0.97.5:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.97.6
cpe:2.3:a:clamav:clamav:0.97.6:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.97.7
cpe:2.3:a:clamav:clamav:0.97.7:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Per http://www.ubuntu.com/usn/USN-1816-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS"

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blog.clamav.net/2013/04/clamav-0978-has-been-released.htmlsecalert@redhat.com
N/A
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.htmlsecalert@redhat.com
N/A
http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/53150secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/53182secalert@redhat.com
Vendor Advisory
http://support.apple.com/kb/HT5880secalert@redhat.com
N/A
http://support.apple.com/kb/HT5892secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2013:159secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2013/04/25/2secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2013/04/29/20secalert@redhat.com
N/A
http://www.securityfocus.com/bid/59434secalert@redhat.com
N/A
http://www.ubuntu.com/usn/USN-1816-1secalert@redhat.com
N/A
https://bugzilla.clamav.net/show_bug.cgi?id=7053secalert@redhat.com
N/A
https://github.com/vrtadmin/clamav-devel/commit/24ff855c82d3f5c62bc5788a5776cefbffce2971secalert@redhat.com
N/A
http://blog.clamav.net/2013/04/clamav-0978-has-been-released.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/53150af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/53182af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://support.apple.com/kb/HT5880af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT5892af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2013:159af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2013/04/25/2af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2013/04/29/20af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/59434af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1816-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.clamav.net/show_bug.cgi?id=7053af854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/vrtadmin/clamav-devel/commit/24ff855c82d3f5c62bc5788a5776cefbffce2971af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/53150
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/53182
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT5880
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT5892
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:159
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2013/04/25/2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2013/04/29/20
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/59434
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1816-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.clamav.net/show_bug.cgi?id=7053
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://github.com/vrtadmin/clamav-devel/commit/24ff855c82d3f5c62bc5788a5776cefbffce2971
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/53150
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/53182
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT5880
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT5892
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:159
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2013/04/25/2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2013/04/29/20
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/59434
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1816-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.clamav.net/show_bug.cgi?id=7053
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/vrtadmin/clamav-devel/commit/24ff855c82d3f5c62bc5788a5776cefbffce2971
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1354Records found
CVE-2017-17886
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 62.60%
||
7 Day CHG~0.00%
Published-24 Dec, 2017 | 04:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2020-16290
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.89% / 74.60%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:07
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxArtifex Software Inc.
Product-ubuntu_linuxdebian_linuxghostscriptn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18029
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.90% / 74.68%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 20:00
Updated-05 Aug, 2024 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-18252
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.58%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 03:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2017-17788
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.50% / 64.92%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GIMP
Product-gimpubuntu_linuxdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-17813
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.29%
||
7 Day CHG~0.00%
Published-21 Dec, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.

Action-Not Available
Vendor-nasmn/aCanonical Ltd.
Product-ubuntu_linuxnetwide_assemblern/a
CWE ID-CWE-416
Use After Free
CVE-2017-17881
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 62.70%
||
7 Day CHG~0.00%
Published-24 Dec, 2017 | 04:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-17814
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.29%
||
7 Day CHG~0.00%
Published-21 Dec, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.

Action-Not Available
Vendor-nasmn/aCanonical Ltd.
Product-ubuntu_linuxnetwide_assemblern/a
CWE ID-CWE-416
Use After Free
CVE-2017-17885
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 62.70%
||
7 Day CHG~0.00%
Published-24 Dec, 2017 | 04:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-17815
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 42.00%
||
7 Day CHG~0.00%
Published-21 Dec, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.

Action-Not Available
Vendor-nasmn/aCanonical Ltd.
Product-ubuntu_linuxnetwide_assemblern/a
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2017-17812
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 42.00%
||
7 Day CHG~0.00%
Published-21 Dec, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.

Action-Not Available
Vendor-nasmn/aCanonical Ltd.
Product-ubuntu_linuxnetwide_assemblern/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-16299
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.48% / 63.91%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:08
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxArtifex Software Inc.
Product-ubuntu_linuxdebian_linuxghostscriptn/a
CWE ID-CWE-369
Divide By Zero
CVE-2013-4202
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.71% / 71.41%
||
7 Day CHG~0.00%
Published-16 Sep, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.

Action-Not Available
Vendor-n/aOpenStackCanonical Ltd.
Product-cinderubuntu_linuxn/a
CVE-2017-18233
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.30% / 52.72%
||
7 Day CHG~0.00%
Published-15 Mar, 2018 | 19:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.

Action-Not Available
Vendor-exempi_projectn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxexempidebian_linuxn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-18254
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.40%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 03:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-17817
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.35%
||
7 Day CHG~0.00%
Published-21 Dec, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.

Action-Not Available
Vendor-nasmn/aCanonical Ltd.
Product-ubuntu_linuxnetwide_assemblern/a
CWE ID-CWE-416
Use After Free
CVE-2017-17819
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 42.00%
||
7 Day CHG~0.00%
Published-21 Dec, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.

Action-Not Available
Vendor-nasmn/aCanonical Ltd.
Product-ubuntu_linuxnetwide_assemblern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-17934
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 65.30%
||
7 Day CHG~0.00%
Published-27 Dec, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2020-16310
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.48% / 63.91%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:10
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxArtifex Software Inc.
Product-ubuntu_linuxdebian_linuxghostscriptn/a
CWE ID-CWE-369
Divide By Zero
CVE-2020-16302
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.81% / 73.25%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:09
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxArtifex Software Inc.
Product-ubuntu_linuxdebian_linuxghostscriptn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-18022
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 51.96%
||
7 Day CHG~0.00%
Published-05 Jan, 2018 | 19:00
Updated-05 Aug, 2024 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-18251
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.40%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 03:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2020-16291
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.63% / 69.40%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:08
Updated-04 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aCanonical Ltd.Artifex Software Inc.Debian GNU/Linux
Product-debian_linuxghostscriptubuntu_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-17504
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.98% / 75.81%
||
7 Day CHG~0.00%
Published-11 Dec, 2017 | 02:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuxdebian_linuximagemagickn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-16304
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.63% / 69.34%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:09
Updated-14 Mar, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aArtifex Software Inc.Canonical Ltd.Debian GNU/Linux
Product-debian_linuxubuntu_linuxghostscriptn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-17816
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.29%
||
7 Day CHG~0.00%
Published-21 Dec, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.

Action-Not Available
Vendor-nasmn/aCanonical Ltd.
Product-ubuntu_linuxnetwide_assemblern/a
CWE ID-CWE-416
Use After Free
CVE-2013-2038
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.01% / 82.96%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.

Action-Not Available
Vendor-gpsd_projectn/aCanonical Ltd.
Product-gpsdubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2132
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.60% / 85.05%
||
7 Day CHG~0.00%
Published-15 Aug, 2013 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

Action-Not Available
Vendor-n/aMongoDB, Inc.openSUSECanonical Ltd.
Product-mongodbopensuseubuntu_linuxn/a
CVE-2017-15873
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.23%
||
7 Day CHG+0.01%
Published-24 Oct, 2017 | 20:00
Updated-09 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.

Action-Not Available
Vendor-busyboxn/aDebian GNU/LinuxCanonical Ltd.
Product-debian_linuxbusyboxubuntu_linuxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2013-1896
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-36.05% / 96.97%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

Action-Not Available
Vendor-n/aopenSUSEThe Apache Software FoundationRed Hat, Inc.Canonical Ltd.
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_server_ausenterprise_linux_eusjboss_enterprise_application_platformopensuseenterprise_linux_desktopubuntu_linuxhttp_serverenterprise_linux_workstationn/a
CVE-2013-2099
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-4.21% / 88.29%
||
7 Day CHG+0.74%
Published-09 Oct, 2013 | 14:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

Action-Not Available
Vendor-n/aPython Software FoundationCanonical Ltd.
Product-pythonubuntu_linuxn/a
CVE-2006-4343
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-9.77% / 92.64%
||
7 Day CHG~0.00%
Published-28 Sep, 2006 | 18:00
Updated-07 Aug, 2024 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxOpenSSL
Product-ubuntu_linuxdebian_linuxopenssln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-1055
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.86%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 19:20
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential DoS through abuse of rate limit in libunity-webapps for Firefox

The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.

Action-Not Available
Vendor-Canonical Ltd.
Product-ubuntu_linuxunity-firefox-extensionlibunity-webappsunity-firefox-extension
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2020-11765
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 56.74%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 22:41
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxCanonical Ltd.openSUSEFedora ProjectApple Inc.
Product-ubuntu_linuxitunesiphone_osdebian_linuxipadostvoswatchosfedoramac_os_xopenexricloudleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-193
Off-by-one Error
CVE-2017-14342
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 49.85%
||
7 Day CHG~0.00%
Published-12 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2012-6151
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-19.89% / 95.24%
||
7 Day CHG~0.00%
Published-13 Dec, 2013 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.

Action-Not Available
Vendor-n/aApple Inc.Net-SNMPCanonical Ltd.
Product-mac_os_xubuntu_linuxnet-snmpn/a
CVE-2017-14166
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.47% / 84.65%
||
7 Day CHG~0.00%
Published-06 Sep, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.libarchive
Product-libarchivedebian_linuxubuntu_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2006-6811
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.77% / 89.03%
||
7 Day CHG~0.00%
Published-29 Dec, 2006 | 11:00
Updated-07 Aug, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.

Action-Not Available
Vendor-n/aCanonical Ltd.KDE
Product-ksircubuntu_linuxn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2017-15217
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 66.40%
||
7 Day CHG~0.00%
Published-10 Oct, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-15218
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 63.44%
||
7 Day CHG~0.00%
Published-10 Oct, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-14060
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 63.94%
||
7 Day CHG~0.00%
Published-31 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2005-3501
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-7.23% / 91.24%
||
7 Day CHG~0.00%
Published-05 Nov, 2005 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.

Action-Not Available
Vendor-n/aClamAV
Product-clamavn/a
CVE-2017-14633
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.00% / 76.06%
||
7 Day CHG~0.00%
Published-21 Sep, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

Action-Not Available
Vendor-xiph.orgn/aDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlibvorbisn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-14326
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 58.46%
||
7 Day CHG~0.00%
Published-12 Sep, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2012-0876
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.41% / 60.74%
||
7 Day CHG~0.00%
Published-03 Jul, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Action-Not Available
Vendor-libexpat_projectn/aCanonical Ltd.Red Hat, Inc.Oracle CorporationPython Software FoundationDebian GNU/Linux
Product-storageenterprise_linux_desktopenterprise_linux_server_ausubuntu_linuxenterprise_linux_eusenterprise_linux_workstationlibexpatpythondebian_linuxsolarisenterprise_linux_servern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2012-1186
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.12%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEImageMagick Studio LLCDebian GNU/Linux
Product-debian_linuxopensuseimagemagickubuntu_linuxn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-14343
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 60.22%
||
7 Day CHG~0.00%
Published-12 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2012-0260
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-6.5||MEDIUM
EPSS-1.94% / 82.65%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.openSUSEImageMagick Studio LLCDebian GNU/Linux
Product-storageenterprise_linux_desktopubuntu_linuximagemagickenterprise_linux_eusenterprise_linux_workstationenterprise_linux_ausdebian_linuxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2012-0248
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 51.70%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.ImageMagick Studio LLCDebian GNU/Linux
Product-storageenterprise_linux_desktopenterprise_linux_server_ausubuntu_linuximagemagickenterprise_linux_eusenterprise_linux_workstationdebian_linuxenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2011-1783
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-5.22% / 89.55%
||
7 Day CHG~0.00%
Published-06 Jun, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Fedora ProjectThe Apache Software FoundationApple Inc.
Product-ubuntu_linuxfedoradebian_linuxmac_os_xsubversionn/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 27
  • 28
  • Next
Details not found