Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-8929

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-20 Sep, 2016 | 14:00
Updated At-06 Aug, 2024 | 08:36
Rejected At-
Credits

Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:20 Sep, 2016 | 14:00
Updated At:06 Aug, 2024 | 08:36
Rejected At:
▼CVE Numbering Authority (CNA)

Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
x_refsource_MISC
http://www.securityfocus.com/bid/91340
vdb-entry
x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html
vendor-advisory
x_refsource_SUSE
https://github.com/libarchive/libarchive/issues/517
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/06/17/2
mailing-list
x_refsource_MLIST
https://security.gentoo.org/glsa/201701-03
vendor-advisory
x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2016/06/17/5
mailing-list
x_refsource_MLIST
Hyperlink: https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/91340
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://github.com/libarchive/libarchive/issues/517
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/17/2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://security.gentoo.org/glsa/201701-03
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/17/5
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/91340
vdb-entry
x_refsource_BID
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://github.com/libarchive/libarchive/issues/517
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2016/06/17/2
mailing-list
x_refsource_MLIST
x_transferred
https://security.gentoo.org/glsa/201701-03
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.openwall.com/lists/oss-security/2016/06/17/5
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/91340
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://github.com/libarchive/libarchive/issues/517
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/17/2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201701-03
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/17/5
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:20 Sep, 2016 | 14:15
Updated At:06 May, 2026 | 22:30

Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
SUSE
suse
>>linux_enterprise_desktop>>12
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_server>>12
cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_software_development_kit>>12
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
libarchive
libarchive
>>libarchive>>Versions up to 3.1.901a(inclusive)
cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.htmlcve@mitre.org
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/17/2cve@mitre.org
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/17/5cve@mitre.org
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/91340cve@mitre.org
N/A
https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.htmlcve@mitre.org
Third Party Advisory
https://github.com/libarchive/libarchive/issues/517cve@mitre.org
Exploit
Issue Tracking
Third Party Advisory
https://security.gentoo.org/glsa/201701-03cve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/17/2af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/17/5af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/91340af854a3a-2127-422b-91ae-364da2661108
N/A
https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://github.com/libarchive/libarchive/issues/517af854a3a-2127-422b-91ae-364da2661108
Exploit
Issue Tracking
Third Party Advisory
https://security.gentoo.org/glsa/201701-03af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/17/2
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/17/5
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/91340
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/libarchive/libarchive/issues/517
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201701-03
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/17/2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/17/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/91340
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://github.com/libarchive/libarchive/issues/517
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201701-03
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

665Records found
CVE-2013-1864
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.73% / 86.03%
||
7 Day CHG~0.00%
Published-23 May, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."

Action-Not Available
Vendor-opalvoipekigan/aSUSE
Product-suse_linux_enterprise_software_development_kitsuse_linux_enterprise_desktopekigaportable_tool_libraryn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-4008
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.76% / 73.35%
||
7 Day CHG~0.00%
Published-16 Nov, 2010 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.openSUSEGoogle LLCSUSERed Hat, Inc.The Apache Software Foundationlibxml2 (XMLSoft)Debian GNU/Linux
Product-itunesdebian_linuxubuntu_linuxmac_os_xenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_desktopopensuseenterprise_linux_server_eusopenofficeiphone_ossafarichromelibxml2n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2317
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.25% / 47.93%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickSUSEopenSUSE
Product-graphicsmagickleapstudio_onsitedebian_linuxlinux_enterprise_debuginfolinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1702
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.31% / 79.91%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1689
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.41% / 80.63%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1686
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.34% / 80.11%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1685
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.34% / 80.11%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1688
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-4.80% / 89.53%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromev8opensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10350
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.57% / 81.64%
||
7 Day CHG~0.00%
Published-01 May, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

Action-Not Available
Vendor-n/alibarchive
Product-libarchiven/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10349
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.51% / 81.28%
||
7 Day CHG~0.00%
Published-01 May, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

Action-Not Available
Vendor-n/alibarchive
Product-libarchiven/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8808
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 52.59%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.

Action-Not Available
Vendor-n/aGraphicsMagickFedora ProjectSUSE
Product-graphicsmagickstudio_onsitelinux_enterprise_debuginfofedoralinux_enterprise_software_development_kitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9845
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 40.62%
||
7 Day CHG~0.00%
Published-20 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSEopenSUSEImageMagick Studio LLC
Product-suse_linux_enterprise_workstation_extensionsuse_linux_enterprise_serverleapsuse_linux_enterprise_software_development_kitstudio_onsitesuse_linux_enterprise_desktopimagemagickubuntu_linuxsuse_linux_enterprise_debuginfoopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-2021
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-8.67% / 92.48%
||
7 Day CHG~0.00%
Published-13 May, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

Action-Not Available
Vendor-n/aCanonical Ltd.ClamAVSUSE
Product-linux_enterprise_serverclamavubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-1000880
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.54% / 67.56%
||
7 Day CHG~0.00%
Published-20 Dec, 2018 | 17:00
Updated-05 Aug, 2024 | 12:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.libarchiveopenSUSE
Product-ubuntu_linuxfedoralibarchiveleapn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14501
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.67% / 71.47%
||
7 Day CHG~0.00%
Published-17 Sep, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.

Action-Not Available
Vendor-n/alibarchive
Product-libarchiven/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-14166
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.60% / 81.78%
||
7 Day CHG~0.00%
Published-06 Sep, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.libarchive
Product-libarchivedebian_linuxubuntu_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-3970
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.49% / 65.58%
||
7 Day CHG~0.00%
Published-09 Feb, 2012 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)Google LLCSUSE
Product-linux_enterprise_desktoplibxsltlinux_enterprise_serverchromelinux_enterprise_software_development_kitn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-14503
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.67% / 71.33%
||
7 Day CHG~0.00%
Published-17 Sep, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.

Action-Not Available
Vendor-n/alibarchive
Product-libarchiven/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-0419
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-4.3||MEDIUM
EPSS-48.78% / 97.78%
||
7 Day CHG~0.00%
Published-16 May, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

Action-Not Available
Vendor-n/aFreeBSD FoundationApple Inc.OpenBSDGoogle LLCOracle CorporationSUSEThe Apache Software FoundationDebian GNU/LinuxNetBSD
Product-debian_linuxopenbsdmac_os_xfreebsdsolarislinux_enterprise_servernetbsdandroidportable_runtimehttp_servern/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2010-0205
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-4.3||MEDIUM
EPSS-4.58% / 89.27%
||
7 Day CHG~0.00%
Published-03 Mar, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.

Action-Not Available
Vendor-libpngn/aCanonical Ltd.Apple Inc.openSUSESUSEDebian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxmac_os_xlinux_enterprise_serverlibpngfedoraopensusen/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-8569
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.55% / 68.14%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.

Action-Not Available
Vendor-libgit2_projectn/aopenSUSESUSEFedora Project
Product-libgit2linux_enterprisefedoraleapopensusen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2009-2416
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.78%
||
7 Day CHG~0.00%
Published-11 Aug, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.Sun Microsystems (Oracle Corporation)libxml2 (XMLSoft)Fedora ProjectopenSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/LinuxVMware (Broadcom Inc.)
Product-debian_linuxubuntu_linuxmac_os_xesxlinux_enterprise_serverfedorachromemac_os_x_serverlibxmlvmalibxml2linux_enterprisevcenter_serveropensuseiphone_ossafariesxiopenoffice.orgenterprise_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2019-9211
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 65.93%
||
7 Day CHG~0.00%
Published-27 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.

Action-Not Available
Vendor-n/aGNUFedora ProjectSUSE
Product-linux_enterprise_serverfedorapsppbackportsn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2010-2249
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.57% / 81.61%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

Action-Not Available
Vendor-libpngn/aCanonical Ltd.Apple Inc.openSUSESUSEDebian GNU/LinuxVMware (Broadcom Inc.)Fedora Project
Product-itunesdebian_linuxubuntu_linuxplayerlinux_enterprise_serverlibpngiphone_ossafariworkstationfedoratvosopensusen/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2016-8688
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.17%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.

Action-Not Available
Vendor-n/alibarchiveopenSUSE
Product-libarchiveleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-7166
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.36% / 58.29%
||
7 Day CHG~0.00%
Published-21 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

Action-Not Available
Vendor-n/alibarchiveRed Hat, Inc.Oracle Corporation
Product-enterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopenterprise_linux_server_euslibarchivelinuxenterprise_linux_server_ausenterprise_linux_hpc_nodeenterprise_linux_hpc_node_eusn/a
CVE-2016-5844
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.48% / 81.08%
||
7 Day CHG~0.00%
Published-21 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

Action-Not Available
Vendor-n/alibarchiveRed Hat, Inc.Oracle Corporation
Product-enterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopsolarisenterprise_linux_server_euslibarchivelinuxenterprise_linux_hpc_nodeenterprise_linux_server_ausenterprise_linux_hpc_node_eusn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-4955
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.73% / 82.53%
||
7 Day CHG-0.18%
Published-05 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.

Action-Not Available
Vendor-ntpn/aopenSUSEOracle CorporationSiemens AGSUSENovell
Product-simatic_net_cp_443-1_opc_ualinux_enterprise_desktopsuse_managerntpmanager_proxyleapsolarislinux_enterprise_serversimatic_net_cp_443-1_opc_ua_firmwareopenstack_cloudopensusen/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-21674
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.65% / 82.13%
||
7 Day CHG~0.00%
Published-15 Oct, 2020 | 14:59
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.

Action-Not Available
Vendor-n/alibarchive
Product-libarchiven/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-2318
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 46.39%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickSUSEopenSUSE
Product-graphicsmagickleapstudio_onsitedebian_linuxlinux_enterprise_debuginfolinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-1654
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-2.49% / 85.39%
||
7 Day CHG~0.00%
Published-18 Apr, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterpriseleapchromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1285
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-68.97% / 98.65%
||
7 Day CHG~0.00%
Published-09 Mar, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEJuniper Networks, Inc.Internet Systems Consortium, Inc.SUSEDebian GNU/LinuxFedora Project
Product-srx2300ubuntu_linuxsrx345srx1600srx110fedorasrx5800srx300srx4700vsrxsrx380managersrx550_hmsrx550msrx650srx1400srx240mleapsrx3400srx4000srx100opensusesrx1500debian_linuxlinux_enterprise_desktopsrx340srx4100srx5600linux_enterprise_debuginfolinux_enterprise_serversrx320srx3600srx4300linux_enterprise_software_development_kitsrx4600srx240h2junossrx5000srx220manager_proxysrx4200bindsrx550srx5400srx210openstack_cloudsrx240n/a
CVE-2016-10209
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.27% / 79.63%
||
7 Day CHG~0.00%
Published-03 Apr, 2017 | 05:44
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.

Action-Not Available
Vendor-n/alibarchive
Product-libarchiven/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2015-8927
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.57%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.

Action-Not Available
Vendor-n/alibarchive
Product-libarchiven/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-8915
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.42% / 61.79%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.

Action-Not Available
Vendor-n/alibarchive
Product-libarchiven/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-8924
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.33% / 55.50%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.

Action-Not Available
Vendor-n/aCanonical Ltd.libarchiveNovell
Product-suse_linux_enterprise_software_development_kitubuntu_linuxsuse_linux_enterprise_serverlibarchivesuse_linux_enterprise_desktopn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-8920
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.56% / 68.25%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

Action-Not Available
Vendor-n/aCanonical Ltd.libarchiveNovell
Product-suse_linux_enterprise_software_development_kitubuntu_linuxsuse_linux_enterprise_serverlibarchivesuse_linux_enterprise_desktopn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-8922
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.39% / 59.71%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.

Action-Not Available
Vendor-n/aCanonical Ltd.Oracle CorporationNovelllibarchive
Product-suse_linux_enterprise_software_development_kitubuntu_linuxsuse_linux_enterprise_serverlibarchivelinuxsuse_linux_enterprise_desktopn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2015-8923
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.62% / 85.74%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.

Action-Not Available
Vendor-n/aCanonical Ltd.libarchiveNovell
Product-suse_linux_enterprise_software_development_kitubuntu_linuxsuse_linux_enterprise_serverlibarchivesuse_linux_enterprise_desktopn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8925
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.51% / 66.28%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.

Action-Not Available
Vendor-n/aCanonical Ltd.libarchiveSUSE
Product-ubuntu_linuxlinux_enterprise_desktoplinux_enterprise_serverlibarchivelinux_enterprise_software_development_kitn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-8926
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 61.26%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.

Action-Not Available
Vendor-n/aCanonical Ltd.libarchiveSUSE
Product-ubuntu_linuxlinux_enterprise_desktoplinux_enterprise_serverlibarchivelinux_enterprise_software_development_kitn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2015-8928
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 52.68%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

Action-Not Available
Vendor-n/aCanonical Ltd.libarchiveSUSE
Product-ubuntu_linuxlinux_enterprise_desktoplinux_enterprise_serverlibarchivelinux_enterprise_software_development_kitn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-8932
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.56% / 68.42%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSElibarchiveDebian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktoplinux_enterprise_serverlibarchivelinux_enterprise_software_development_kitn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8933
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.31% / 54.17%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.

Action-Not Available
Vendor-n/aCanonical Ltd.libarchiveSUSE
Product-ubuntu_linuxlinux_enterprise_desktoplinux_enterprise_serverlibarchivelinux_enterprise_software_development_kitn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2015-8934
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.36% / 80.23%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.

Action-Not Available
Vendor-n/aCanonical Ltd.libarchiveSUSE
Product-ubuntu_linuxlinux_enterprise_desktoplinux_enterprise_serverlibarchivelinux_enterprise_software_development_kitn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-8916
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.16% / 78.64%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.

Action-Not Available
Vendor-n/aCanonical Ltd.libarchiveDebian GNU/Linux
Product-debian_linuxlibarchiveubuntu_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2015-0382
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-15.18% / 94.63%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationOracle CorporationSUSERed Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopmariadbenterprise_linux_server_tusenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_ausfedoralinux_enterprise_workstation_extensionlinux_enterprise_software_development_kitenterprise_linux_serverenterprise_linux_workstationmysqlsolariscommunications_policy_managemententerprise_linux_eusn/a
CVE-2015-0381
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-5.03% / 89.79%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationOracle CorporationSUSERed Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopmariadbenterprise_linux_server_tusenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_ausfedoralinux_enterprise_workstation_extensionlinux_enterprise_software_development_kitenterprise_linux_serverenterprise_linux_workstationmysqlsolariscommunications_policy_managemententerprise_linux_eusn/a
CVE-2021-36976
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.77%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 06:49
Updated-03 Nov, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

Action-Not Available
Vendor-n/aFedora ProjectApple Inc.libarchiveSplunk LLC (Cisco Systems, Inc.)
Product-watchosipadosfedoralibarchivemacosuniversal_forwarderiphone_osn/a
CWE ID-CWE-416
Use After Free
CVE-2014-9853
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 36.59%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSEopenSUSEImageMagick Studio LLCNovell
Product-linux_enterprise_desktoplinux_enterprise_serversuse_linux_enterprise_software_development_kitleaplinux_enterprise_software_development_kitlinux_enterprise_workstation_extensionlinux_enterprise_debuginfoimagemagickubuntu_linuxopensusen/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 13
  • 14
  • Next
Details not found