Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-8472

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-21 Jan, 2016 | 15:00
Updated At-06 Aug, 2024 | 08:20
Rejected At-
Credits

Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:21 Jan, 2016 | 15:00
Updated At:06 Aug, 2024 | 08:20
Rejected At:
▼CVE Numbering Authority (CNA)

Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
vendor-advisory
x_refsource_APPLE
https://support.apple.com/HT206167
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
vendor-advisory
x_refsource_SUSE
http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/
x_refsource_CONFIRM
http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2016:1430
vendor-advisory
x_refsource_REDHAT
http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-2595.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2015-2596.html
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
vendor-advisory
x_refsource_SUSE
https://kc.mcafee.com/corporate/index?page=content&id=SB10148
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
vendor-advisory
x_refsource_SUSE
http://www.openwall.com/lists/oss-security/2015/12/03/6
mailing-list
x_refsource_MLIST
http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/
x_refsource_CONFIRM
http://www.securityfocus.com/bid/78624
vdb-entry
x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2016-0057.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0055.html
vendor-advisory
x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html
vendor-advisory
x_refsource_FEDORA
http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/
x_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3443
vendor-advisory
x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2016-0056.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
vendor-advisory
x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html
vendor-advisory
x_refsource_FEDORA
http://rhn.redhat.com/errata/RHSA-2015-2594.html
vendor-advisory
x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html
vendor-advisory
x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: https://support.apple.com/HT206167
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/
Resource:
x_refsource_CONFIRM
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1430
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2595.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2596.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10148
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.openwall.com/lists/oss-security/2015/12/03/6
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/78624
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0057.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0055.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2016/dsa-3443
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0056.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2594.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
vendor-advisory
x_refsource_APPLE
x_transferred
https://support.apple.com/HT206167
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/
x_refsource_CONFIRM
x_transferred
http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/
x_refsource_CONFIRM
x_transferred
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
x_refsource_CONFIRM
x_transferred
https://access.redhat.com/errata/RHSA-2016:1430
vendor-advisory
x_refsource_REDHAT
x_transferred
http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-2595.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-2596.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://kc.mcafee.com/corporate/index?page=content&id=SB10148
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.openwall.com/lists/oss-security/2015/12/03/6
mailing-list
x_refsource_MLIST
x_transferred
http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/78624
vdb-entry
x_refsource_BID
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0057.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0055.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2016/dsa-3443
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0056.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-2594.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: https://support.apple.com/HT206167
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1430
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2595.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2596.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10148
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2015/12/03/6
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/78624
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0057.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0055.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2016/dsa-3443
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0056.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2594.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:21 Jan, 2016 | 15:59
Updated At:12 Apr, 2025 | 10:46

Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.3HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Apple Inc.
apple
>>mac_os_x>>Versions up to 10.11.3(inclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.0.64
cpe:2.3:a:libpng:libpng:1.0.64:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.0
cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.1
cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.2
cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.3
cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.4
cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.10
cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.11
cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.12
cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.13
cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.14
cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.15
cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.16
cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.17
cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.18
cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.19
cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.20
cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.21
cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.22
cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.23
cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.24
cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.25
cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.26
cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.27
cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.28
cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.29
cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.30
cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.31
cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.32
cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.33
cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.34
cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.35
cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.36
cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.37
cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.38
cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.39
cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.40
cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.41
cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.42
cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.43
cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.44
cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.45
cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.46
cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.47
cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.48
cpe:2.3:a:libpng:libpng:1.2.48:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.49
cpe:2.3:a:libpng:libpng:1.2.49:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.50
cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.51
cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*
libpng
libpng
>>libpng>>1.2.52
cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2015-2594.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2015-2595.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2015-2596.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2016-0055.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2016-0056.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2016-0057.htmlcve@mitre.org
N/A
http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/cve@mitre.org
N/A
http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/cve@mitre.org
N/A
http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/cve@mitre.org
N/A
http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/cve@mitre.org
N/A
http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/cve@mitre.org
N/A
http://www.debian.org/security/2016/dsa-3443cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2015/12/03/6cve@mitre.org
N/A
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlcve@mitre.org
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/78624cve@mitre.org
N/A
https://access.redhat.com/errata/RHSA-2016:1430cve@mitre.org
N/A
https://kc.mcafee.com/corporate/index?page=content&id=SB10148cve@mitre.org
N/A
https://support.apple.com/HT206167cve@mitre.org
Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-2594.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-2595.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-2596.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-0055.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-0056.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-0057.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/af854a3a-2127-422b-91ae-364da2661108
N/A
http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/af854a3a-2127-422b-91ae-364da2661108
N/A
http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/af854a3a-2127-422b-91ae-364da2661108
N/A
http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/af854a3a-2127-422b-91ae-364da2661108
N/A
http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2016/dsa-3443af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2015/12/03/6af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/78624af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2016:1430af854a3a-2127-422b-91ae-364da2661108
N/A
https://kc.mcafee.com/corporate/index?page=content&id=SB10148af854a3a-2127-422b-91ae-364da2661108
N/A
https://support.apple.com/HT206167af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2594.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2595.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2596.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0055.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0056.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0057.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2016/dsa-3443
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2015/12/03/6
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/78624
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1430
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10148
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://support.apple.com/HT206167
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2594.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2595.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2596.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0055.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0056.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0057.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2016/dsa-3443
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2015/12/03/6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/78624
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1430
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10148
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.apple.com/HT206167
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

4022Records found
CVE-2016-4615
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.55% / 84.91%
||
7 Day CHG~0.00%
Published-22 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4616, and CVE-2016-4619.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-watchositunesicloudwindowsiphone_osmac_os_xtvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2833
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.67% / 70.41%
||
7 Day CHG~0.00%
Published-10 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0019
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.57%
||
7 Day CHG~0.00%
Published-13 Feb, 2009 | 00:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3141
Matching Score-10
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-10
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-40.69% / 97.27%
||
7 Day CHG~0.00%
Published-31 Mar, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.

Action-Not Available
Vendor-n/aThe PHP GroupApple Inc.
Product-mac_os_xphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0226
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-90.14% / 99.57%
||
7 Day CHG~0.00%
Published-10 Jan, 2008 | 23:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Action-Not Available
Vendor-mysqlyassln/aApple Inc.Oracle CorporationCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmac_os_xyasslmysqln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3639
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-10.22% / 92.85%
||
7 Day CHG~0.00%
Published-14 Oct, 2008 | 20:00
Updated-07 Aug, 2024 | 09:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.

Action-Not Available
Vendor-n/aApple Inc.
Product-cupsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0718
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.77% / 81.91%
||
7 Day CHG-0.05%
Published-26 May, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Action-Not Available
Vendor-libexpat_projectn/aMozilla CorporationopenSUSESUSEApple Inc.McAfee, LLCDebian GNU/LinuxPython Software FoundationCanonical Ltd.
Product-pythonstudio_onsitelibexpatpolicy_auditorfirefoxmac_os_xleapubuntu_linuxopensuselinux_enterprise_software_development_kitlinux_enterprise_desktopdebian_linuxlinux_enterprise_serverlinux_enterprise_debuginfon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-1770
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.36% / 84.31%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:55
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow may result in arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A logic issue was addressed with improved state management.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacostvOSmacOSwatchOSiOS and iPadOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8865
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-3.70% / 87.49%
||
7 Day CHG~0.00%
Published-20 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

Action-Not Available
Vendor-n/aThe PHP GroupApple Inc.
Product-mac_os_xphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5874
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-3.21% / 86.54%
||
7 Day CHG~0.00%
Published-18 Sep, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchositunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12784
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-25.87% / 96.06%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6975
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.13% / 83.49%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xitunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0778
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-22.12% / 95.58%
||
7 Day CHG~0.00%
Published-14 Feb, 2008 | 11:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7017
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.13% / 83.49%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xitunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12811
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-19.40% / 95.16%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 13:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshop_ccmacosAdobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6992
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.13% / 83.49%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xitunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5775
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.99% / 82.88%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3773
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.16% / 83.61%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5750
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.76% / 72.27%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5779
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.68% / 85.27%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5753.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xquicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5776
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-3.02% / 86.09%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3674
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.16% / 83.61%
||
7 Day CHG~0.00%
Published-03 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3804
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.99% / 82.88%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-3775
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-24.98% / 95.95%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:33
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3798
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-22.39% / 95.61%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3797
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.88% / 74.48%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3798.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7062
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.11% / 83.40%
||
7 Day CHG~0.00%
Published-20 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Contacts" component. A buffer overflow allows remote attackers to execute arbitrary code or cause a denial of service (application crash).

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvoswatchosmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3796
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-16.07% / 94.53%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3783
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-13.43% / 93.94%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7103
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.93% / 89.22%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvoswatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7129
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.73% / 81.69%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvoswatchosmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7130
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.73% / 81.69%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvoswatchosmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12810
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-19.40% / 95.16%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 13:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshop_ccmacosAdobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3329
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-26.34% / 96.11%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP GroupApple Inc.Oracle Corporation
Product-enterprise_linuxenterprise_linux_serversolarisenterprise_linux_hpc_nodeenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationphpenterprise_linux_hpc_node_euslinuxmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3307
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.63% / 92.58%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP GroupApple Inc.
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_hpc_nodeenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationphpenterprise_linux_hpc_node_eusmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3145
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-65.09% / 98.41%
||
7 Day CHG~0.00%
Published-24 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

Action-Not Available
Vendor-n/aopenSUSEFedora ProjectApple Inc.HP Inc.Debian GNU/LinuxOracle CorporationCanonical Ltd.CURL
Product-solarislibcurlsystem_management_homepagefedoraopensuseubuntu_linuxcurldebian_linuxmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-5710
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-33.04% / 96.75%
||
7 Day CHG~0.00%
Published-04 Nov, 2006 | 01:00
Updated-07 Aug, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-opendarwinn/aApple Inc.
Product-darwin_kernelmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0973
Matching Score-10
Assigner-CERT/CC
ShareView Details
Matching Score-10
Assigner-CERT/CC
CVSS Score-8.8||HIGH
EPSS-2.01% / 82.96%
||
7 Day CHG+1.21%
Published-18 Jan, 2015 | 18:00
Updated-09 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

Action-Not Available
Vendor-libpngn/aOracle CorporationApple Inc.
Product-mac_os_xsolarislibpngn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2014-4485
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.98% / 85.99%
||
7 Day CHG~0.00%
Published-30 Jan, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xtvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-8829
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.26%
||
7 Day CHG~0.00%
Published-30 Jan, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-8146
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-40.13% / 97.24%
||
7 Day CHG~0.00%
Published-25 May, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.

Action-Not Available
Vendor-icu-projectn/aApple Inc.
Product-watchosinternational_components_for_unicodeitunesiphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-3946
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.72% / 88.98%
||
7 Day CHG~0.00%
Published-31 Jul, 2006 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarimac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1371
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.79% / 72.91%
||
7 Day CHG~0.00%
Published-01 Jul, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-2238
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-37.96% / 97.10%
||
7 Day CHG~0.00%
Published-12 May, 2006 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted BMP file that triggers the overflow in the ReadBMP function. NOTE: this issue was originally included as item 3 in CVE-2006-1983, but it has been given a separate identifier because it is a distinct issue.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-1982
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-44.86% / 97.49%
||
7 Day CHG~0.00%
Published-21 Apr, 2006 | 22:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-1469
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.45% / 84.61%
||
7 Day CHG~0.00%
Published-27 Jun, 2006 | 22:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-2524
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-17.64% / 94.84%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 04:54
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "TextInput" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvoswatchosmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1262
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.94%
||
7 Day CHG~0.00%
Published-27 Feb, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-0583
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.25% / 86.63%
||
7 Day CHG~0.00%
Published-11 Nov, 2014 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to complete a transition from Low Integrity to Medium Integrity via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1256
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.55%
||
7 Day CHG~0.00%
Published-27 Feb, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 80
  • 81
  • Next
Details not found