Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-15722

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Oct, 2017 | 17:00
Updated At-05 Aug, 2024 | 20:04
Rejected At-
Credits

In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Oct, 2017 | 17:00
Updated At:05 Aug, 2024 | 20:04
Rejected At:
▼CVE Numbering Authority (CNA)

In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.debian.org/security/2017/dsa-4016
vendor-advisory
x_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html
mailing-list
x_refsource_MLIST
https://irssi.org/security/irssi_sa_2017_10.txt
x_refsource_CONFIRM
http://openwall.com/lists/oss-security/2017/10/22/4
x_refsource_CONFIRM
Hyperlink: https://www.debian.org/security/2017/dsa-4016
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://irssi.org/security/irssi_sa_2017_10.txt
Resource:
x_refsource_CONFIRM
Hyperlink: http://openwall.com/lists/oss-security/2017/10/22/4
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.debian.org/security/2017/dsa-4016
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html
mailing-list
x_refsource_MLIST
x_transferred
https://irssi.org/security/irssi_sa_2017_10.txt
x_refsource_CONFIRM
x_transferred
http://openwall.com/lists/oss-security/2017/10/22/4
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.debian.org/security/2017/dsa-4016
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://irssi.org/security/irssi_sa_2017_10.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://openwall.com/lists/oss-security/2017/10/22/4
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Oct, 2017 | 20:29
Updated At:20 Apr, 2025 | 01:37

In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.9MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
irssi
irssi
>>irssi>>Versions up to 1.0.4(inclusive)
cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://openwall.com/lists/oss-security/2017/10/22/4cve@mitre.org
Mailing List
Mitigation
Patch
Third Party Advisory
https://irssi.org/security/irssi_sa_2017_10.txtcve@mitre.org
Mitigation
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00022.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://www.debian.org/security/2017/dsa-4016cve@mitre.org
Third Party Advisory
http://openwall.com/lists/oss-security/2017/10/22/4af854a3a-2127-422b-91ae-364da2661108
Mailing List
Mitigation
Patch
Third Party Advisory
https://irssi.org/security/irssi_sa_2017_10.txtaf854a3a-2127-422b-91ae-364da2661108
Mitigation
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00022.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://www.debian.org/security/2017/dsa-4016af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://openwall.com/lists/oss-security/2017/10/22/4
Source: cve@mitre.org
Resource:
Mailing List
Mitigation
Patch
Third Party Advisory
Hyperlink: https://irssi.org/security/irssi_sa_2017_10.txt
Source: cve@mitre.org
Resource:
Mitigation
Patch
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4016
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://openwall.com/lists/oss-security/2017/10/22/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Mitigation
Patch
Third Party Advisory
Hyperlink: https://irssi.org/security/irssi_sa_2017_10.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mitigation
Patch
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4016
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1847Records found
CVE-2018-15378
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.33% / 79.12%
||
7 Day CHG~0.00%
Published-15 Oct, 2018 | 17:00
Updated-26 Nov, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus unmew11() Denial of Service Vulnerability

A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.

Action-Not Available
Vendor-Canonical Ltd.ClamAVCisco Systems, Inc.Debian GNU/Linux
Product-ubuntu_linuxclamavdebian_linuxClamAV
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-13988
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.54% / 66.57%
||
7 Day CHG~0.00%
Published-25 Jul, 2018 | 23:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.freedesktop.org
Product-enterprise_linux_serverubuntu_linuxdebian_linuxopenshift_container_platformenterprise_linux_workstationenterprise_linux_desktopansible_towerpopplern/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14851
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.66%
||
7 Day CHG~0.00%
Published-02 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

Action-Not Available
Vendor-n/aNetApp, Inc.Canonical Ltd.Debian GNU/LinuxThe PHP Group
Product-ubuntu_linuxphpdebian_linuxstorage_automation_storen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14498
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 55.88%
||
7 Day CHG~0.00%
Published-07 Mar, 2019 | 22:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.

Action-Not Available
Vendor-libjpeg-turbon/aDebian GNU/LinuxopenSUSEFedora ProjectMozilla Corporation
Product-mozjpegdebian_linuxfedoralibjpeg-turboleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-13099
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.76% / 72.34%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 05:00
Updated-05 Aug, 2024 | 08:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSEDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kernelleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-13096
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.59% / 68.15%
||
7 Day CHG-0.02%
Published-03 Jul, 2018 | 05:00
Updated-05 Aug, 2024 | 08:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSEDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kernelleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-12495
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.52% / 65.64%
||
7 Day CHG~0.00%
Published-15 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

Action-Not Available
Vendor-discount_projectn/aDebian GNU/Linux
Product-discountdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-10999
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.85% / 82.25%
||
7 Day CHG~0.00%
Published-12 May, 2018 | 04:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read.

Action-Not Available
Vendor-n/aCanonical Ltd.Exiv2Debian GNU/Linux
Product-ubuntu_linuxexiv2debian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-11503
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.52% / 65.64%
||
7 Day CHG~0.00%
Published-26 May, 2018 | 21:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

Action-Not Available
Vendor-discount_projectn/aDebian GNU/Linux
Product-discountdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-10888
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.18% / 77.90%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.

Action-Not Available
Vendor-libgit2libgit2Debian GNU/Linux
Product-debian_linuxlibgit2libgit2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-11504
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 47.24%
||
7 Day CHG~0.00%
Published-26 May, 2018 | 21:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

Action-Not Available
Vendor-discount_projectn/aDebian GNU/Linux
Product-discountdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-10001
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.97% / 75.75%
||
7 Day CHG~0.00%
Published-11 Apr, 2018 | 03:00
Updated-05 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-0202
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-2.01% / 82.96%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 09:00
Updated-02 Dec, 2024 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause an out-of-bounds read when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition. This concerns pdf_parse_array and pdf_parse_string in libclamav/pdfng.c. Cisco Bug IDs: CSCvh91380, CSCvh91400.

Action-Not Available
Vendor-n/aCanonical Ltd.ClamAVDebian GNU/Linux
Product-ubuntu_linuxclamavdebian_linuxClamAV
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-9865
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.76% / 72.35%
||
7 Day CHG~0.00%
Published-25 Jun, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.

Action-Not Available
Vendor-n/afreedesktop.orgDebian GNU/Linux
Product-popplerdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-7612
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.34% / 56.08%
||
7 Day CHG~0.00%
Published-09 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Action-Not Available
Vendor-elfutils_projectn/aDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxelfutilsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-7697
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.87%
||
7 Day CHG~0.00%
Published-11 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file.

Action-Not Available
Vendor-libsamplerate_projectn/aDebian GNU/Linux
Product-libsampleratedebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-8365
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.33% / 79.12%
||
7 Day CHG~0.00%
Published-30 Apr, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.

Action-Not Available
Vendor-libsndfile_projectn/aDebian GNU/Linux
Product-debian_linuxlibsndfilen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-7608
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.74%
||
7 Day CHG~0.00%
Published-09 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Action-Not Available
Vendor-elfutils_projectn/aDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxelfutilsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-7610
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.34% / 56.08%
||
7 Day CHG~0.00%
Published-09 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Action-Not Available
Vendor-elfutils_projectn/aDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxelfutilsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-8363
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.33% / 79.12%
||
7 Day CHG~0.00%
Published-30 Apr, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.

Action-Not Available
Vendor-libsndfile_projectn/aDebian GNU/Linux
Product-debian_linuxlibsndfilen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-7611
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 49.21%
||
7 Day CHG~0.00%
Published-09 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Action-Not Available
Vendor-elfutils_projectn/aDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxelfutilsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-8362
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.34% / 79.17%
||
7 Day CHG~0.00%
Published-30 Apr, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.

Action-Not Available
Vendor-libsndfile_projectn/aDebian GNU/Linux
Product-debian_linuxlibsndfilen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-6500
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.10%
||
7 Day CHG~0.00%
Published-06 Mar, 2017 | 02:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-6011
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 56.99%
||
7 Day CHG~0.00%
Published-16 Feb, 2017 | 11:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.

Action-Not Available
Vendor-icoutils_projectn/aRed Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationicoutilsenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_linux_server_ausn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-37620
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.08% / 25.57%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds read in XmpTextValue::read()

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectExiv2
Product-exiv2debian_linuxfedoraexiv2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-3605
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 25.07%
||
7 Day CHG~0.00%
Published-25 Aug, 2021 | 00:00
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxRed Hat, Inc.
Product-openexrdebian_linuxenterprise_linuxOpenEXR
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-17788
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.50% / 64.93%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GIMP
Product-gimpubuntu_linuxdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-17669
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.21%
||
7 Day CHG~0.00%
Published-13 Dec, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.

Action-Not Available
Vendor-n/aCanonical Ltd.Exiv2Debian GNU/Linux
Product-ubuntu_linuxexiv2debian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-17504
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.98% / 75.82%
||
7 Day CHG~0.00%
Published-11 Dec, 2017 | 02:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuxdebian_linuximagemagickn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-32434
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 26.09%
||
7 Day CHG~0.00%
Published-10 Mar, 2022 | 14:50
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.

Action-Not Available
Vendor-abcm2ps_projectn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedoraabcm2psn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-32436
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.98%
||
7 Day CHG~0.00%
Published-10 Mar, 2022 | 14:50
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.

Action-Not Available
Vendor-abcm2ps_projectn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedoraabcm2psn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-9811
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.48% / 64.36%
||
7 Day CHG~0.00%
Published-13 Jan, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.

Action-Not Available
Vendor-gstreamern/aDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_eusenterprise_linux_workstationfedoradebian_linuxenterprise_linux_serverenterprise_linux_server_ausgstreamern/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-0419
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-4.3||MEDIUM
EPSS-58.44% / 98.12%
||
7 Day CHG+4.08%
Published-16 May, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

Action-Not Available
Vendor-n/aNetBSDSUSEOpenBSDDebian GNU/LinuxGoogle LLCOracle CorporationThe Apache Software FoundationApple Inc.FreeBSD Foundation
Product-freebsddebian_linuxportable_runtimeopenbsdandroidhttp_serversolarislinux_enterprise_servernetbsdmac_os_xn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2011-0482
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-3.27% / 86.65%
||
7 Day CHG~0.00%
Published-14 Jan, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGoogle LLC
Product-chrome_osdebian_linuxchromen/a
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2010-4653
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.78% / 72.78%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 19:12
Updated-07 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

Action-Not Available
Vendor-popplerDebian GNU/Linuxfreedesktop.org
Product-debian_linuxpopplerpoppler
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-4008
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.73% / 71.72%
||
7 Day CHG~0.00%
Published-16 Nov, 2010 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

Action-Not Available
Vendor-n/aGoogle LLCCanonical Ltd.libxml2 (XMLSoft)Debian GNU/LinuxSUSEThe Apache Software FoundationRed Hat, Inc.openSUSEApple Inc.
Product-ubuntu_linuxdebian_linuxopensuselibxml2enterprise_linux_server_eussuse_linux_enterprise_serverenterprise_linux_workstationenterprise_linux_serveropenofficeiphone_osenterprise_linux_desktopchromeitunessafarimac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-4493
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.58% / 80.85%
||
7 Day CHG~0.00%
Published-07 Dec, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGoogle LLC
Product-debian_linuxchromen/a
CWE ID-CWE-416
Use After Free
CVE-2017-14121
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.42%
||
7 Day CHG~0.00%
Published-03 Sep, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.

Action-Not Available
Vendor-n/aRARLAB (WinRAR)Debian GNU/Linux
Product-debian_linuxunrarn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14926
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 52.04%
||
7 Day CHG~0.00%
Published-29 Sep, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

Action-Not Available
Vendor-n/afreedesktop.orgDebian GNU/Linux
Product-popplerdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-23308
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.39%
||
7 Day CHG~0.00%
Published-26 Feb, 2022 | 00:00
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora ProjectApple Inc.libxml2 (XMLSoft)Debian GNU/Linux
Product-h410sactive_iq_unified_managerdebian_linuxh500s_firmwarecommunications_cloud_native_core_binding_support_functionbootstrap_osh410c_firmwareh410ch700sh500smysql_workbenchh700e_firmwarezfs_storage_appliance_kitontap_select_deploy_administration_utilitycommunications_cloud_native_core_network_function_cloud_native_environmenth500e_firmwaresolidfire\,_enterprise_sds_\&_hci_storage_nodetvosclustered_data_ontap_antivirus_connectorclustered_data_ontaph300ecommunications_cloud_native_core_network_repository_functioncommunications_cloud_native_core_unified_data_repositoryh300e_firmwaremacoswatchossolidfire_\&_hci_management_nodeh700eipadosmac_os_xhci_compute_nodeh500eh700s_firmwaresmi-s_providerfedoracommunications_cloud_native_core_network_slice_selection_functionh410s_firmwaresnapmanagerlibxml2h300s_firmwaremanageability_software_development_kitsnapdriveiphone_osh300sn/a
CWE ID-CWE-416
Use After Free
CVE-2010-2249
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.57% / 80.78%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

Action-Not Available
Vendor-libpngn/aSUSEDebian GNU/LinuxCanonical Ltd.Fedora ProjectVMware (Broadcom Inc.)openSUSEApple Inc.
Product-workstationubuntu_linuxfedoraopensusedebian_linuxlinux_enterprise_serverplayerlibpngiphone_ostvositunessafarin/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2010-1156
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-3.32% / 86.75%
||
7 Day CHG~0.00%
Published-16 Apr, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel.

Action-Not Available
Vendor-irssin/a
Product-irssin/a
CVE-2018-1152
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 70.56%
||
7 Day CHG~0.00%
Published-18 Jun, 2018 | 14:00
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.

Action-Not Available
Vendor-libjpeg-turboCanonical Ltd.Debian GNU/LinuxTenable, Inc.
Product-ubuntu_linuxdebian_linuxlibjpeg-turbolibjpeg-turbo
CWE ID-CWE-369
Divide By Zero
CVE-2020-21599
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.68%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-debian_linuxlibde265n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21529
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.03%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.

Action-Not Available
Vendor-xfig_projectn/aDebian GNU/Linux
Product-fig2devdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-22048
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.70% / 71.18%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 15:40
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-21531
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.49%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.

Action-Not Available
Vendor-xfig_projectn/aDebian GNU/Linux
Product-fig2devdebian_linuxn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-22042
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.96%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:53
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-21532
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.49%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.

Action-Not Available
Vendor-xfig_projectn/aDebian GNU/Linux
Product-fig2devdebian_linuxn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-19716
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.38%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 00:00
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS).

Action-Not Available
Vendor-n/aExiv2Debian GNU/Linux
Product-exiv2debian_linuxn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 36
  • 37
  • Next
Details not found