Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-19059

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-07 Nov, 2018 | 16:00
Updated At-05 Aug, 2024 | 11:30
Rejected At-
Credits

An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:07 Nov, 2018 | 16:00
Updated At:05 Aug, 2024 | 11:30
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitlab.freedesktop.org/poppler/poppler/issues/661
x_refsource_MISC
https://usn.ubuntu.com/3837-1/
vendor-advisory
x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2019:2022
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://gitlab.freedesktop.org/poppler/poppler/issues/661
Resource:
x_refsource_MISC
Hyperlink: https://usn.ubuntu.com/3837-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2022
Resource:
vendor-advisory
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitlab.freedesktop.org/poppler/poppler/issues/661
x_refsource_MISC
x_transferred
https://usn.ubuntu.com/3837-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://access.redhat.com/errata/RHSA-2019:2022
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://gitlab.freedesktop.org/poppler/poppler/issues/661
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://usn.ubuntu.com/3837-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2022
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:07 Nov, 2018 | 16:29
Updated At:06 Aug, 2019 | 17:15

An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.06.5MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
freedesktop.org
freedesktop
>>poppler>>0.71.0
cpe:2.3:a:freedesktop:poppler:0.71.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://access.redhat.com/errata/RHSA-2019:2022cve@mitre.org
N/A
https://gitlab.freedesktop.org/poppler/poppler/issues/661cve@mitre.org
Exploit
Third Party Advisory
https://usn.ubuntu.com/3837-1/cve@mitre.org
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2022
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://gitlab.freedesktop.org/poppler/poppler/issues/661
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/3837-1/
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1252Records found
CVE-2017-9473
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 50.03%
||
7 Day CHG~0.00%
Published-07 Jun, 2017 | 04:50
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

Action-Not Available
Vendor-ytnef_projectn/aCanonical Ltd.
Product-ytnefubuntu_linuxn/a
CVE-2017-9210
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.12%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.

Action-Not Available
Vendor-qpdf_projectn/aCanonical Ltd.
Product-ubuntu_linuxqpdfn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-9404
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 67.01%
||
7 Day CHG~0.00%
Published-02 Jun, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aCanonical Ltd.LibTIFFDebian GNU/Linux
Product-debian_linuxubuntu_linuxlibtiffn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-9208
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.43% / 63.17%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.

Action-Not Available
Vendor-qpdf_projectn/aCanonical Ltd.
Product-ubuntu_linuxqpdfn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-9239
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.75%
||
7 Day CHG~0.00%
Published-26 May, 2017 | 10:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.

Action-Not Available
Vendor-n/aCanonical Ltd.Exiv2
Product-exiv2ubuntu_linuxn/a
CWE ID-CWE-369
Divide By Zero
CVE-2016-4429
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.26% / 79.92%
||
7 Day CHG~0.00%
Published-10 Jun, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGNU
Product-leapglibcubuntu_linuxopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-9775
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.74% / 73.51%
||
7 Day CHG~0.00%
Published-22 Jun, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

Action-Not Available
Vendor-n/afreedesktop.orgRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_auspopplern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1055
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 40.42%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 19:20
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential DoS through abuse of rate limit in libunity-webapps for Firefox

The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.

Action-Not Available
Vendor-Canonical Ltd.
Product-ubuntu_linuxunity-firefox-extensionlibunity-webappsunity-firefox-extension
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2016-4008
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-4.29% / 89.14%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGNUFedora Project
Product-opensuseubuntu_linuxlibtasn1fedoran/a
CVE-2016-3615
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-1.85% / 83.46%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationIBM CorporationOracle CorporationDebian GNU/Linux
Product-debian_linuxubuntu_linuxmariadbmysqlpowerkvmlinuxn/a
CVE-2016-4001
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.6||HIGH
EPSS-7.08% / 91.74%
||
7 Day CHG~0.00%
Published-23 May, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.

Action-Not Available
Vendor-n/aCanonical Ltd.QEMUDebian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxqemufedoran/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2016-1372
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.52% / 67.14%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.

Action-Not Available
Vendor-n/aCanonical Ltd.ClamAV
Product-clamavubuntu_linuxn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-9388
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.49%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

Action-Not Available
Vendor-n/aJasPerCanonical Ltd.
Product-ubuntu_linuxjaspern/a
CWE ID-CWE-617
Reachable Assertion
CVE-2016-5824
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 53.19%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.

Action-Not Available
Vendor-libical_projectn/aCanonical Ltd.Red Hat, Inc.
Product-ubuntu_linuxlibicalenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausn/a
CWE ID-CWE-416
Use After Free
CVE-2016-3941
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.31% / 54.43%
||
7 Day CHG~0.00%
Published-18 Apr, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."

Action-Not Available
Vendor-n/aVideoLANCanonical Ltd.
Product-vlc_media_playerubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-9083
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 72.05%
||
7 Day CHG~0.00%
Published-19 May, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.

Action-Not Available
Vendor-n/afreedesktop.org
Product-popplern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-7613
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.59% / 69.68%
||
7 Day CHG~0.00%
Published-09 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

Action-Not Available
Vendor-elfutils_projectn/aCanonical Ltd.Debian GNU/Linux
Product-debian_linuxubuntu_linuxelfutilsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7511
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.58%
||
7 Day CHG~0.00%
Published-30 May, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

Action-Not Available
Vendor-Popplerfreedesktop.org
Product-popplerpoppler
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-14464
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.30% / 53.77%
||
7 Day CHG~0.00%
Published-31 Jul, 2019 | 22:40
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow.

Action-Not Available
Vendor-milkytracker_projectn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-debian_linuxubuntu_linuxfedoramilkytrackern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-7515
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.35%
||
7 Day CHG~0.00%
Published-06 Jun, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.

Action-Not Available
Vendor-freedesktop.orgRed Hat, Inc.
Product-popplerpoppler
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-18029
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 66.95%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 20:00
Updated-05 Aug, 2024 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-17816
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 38.96%
||
7 Day CHG~0.00%
Published-21 Dec, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.

Action-Not Available
Vendor-nasmn/aCanonical Ltd.
Product-netwide_assemblerubuntu_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2017-17817
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.02%
||
7 Day CHG~0.00%
Published-21 Dec, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.

Action-Not Available
Vendor-nasmn/aCanonical Ltd.
Product-netwide_assemblerubuntu_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2017-17884
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 64.17%
||
7 Day CHG~0.00%
Published-24 Dec, 2017 | 04:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-imagemagickubuntu_linuxn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-17681
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 64.53%
||
7 Day CHG~0.00%
Published-14 Dec, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-imagemagickubuntu_linuxn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-18267
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 51.30%
||
7 Day CHG~0.00%
Published-10 May, 2018 | 15:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.freedesktop.org
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_workstationenterprise_linux_desktopansible_towerpopplern/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-18008
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 65.11%
||
7 Day CHG~0.00%
Published-01 Jan, 2018 | 08:00
Updated-05 Aug, 2024 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-18251
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 54.02%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 03:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-18028
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 65.72%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 20:00
Updated-05 Aug, 2024 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2017-18027
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 59.10%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 20:00
Updated-05 Aug, 2024 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-17811
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.05%
||
7 Day CHG~0.00%
Published-21 Dec, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.

Action-Not Available
Vendor-nasmn/aCanonical Ltd.
Product-netwide_assemblerubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-17680
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 64.97%
||
7 Day CHG~0.00%
Published-14 Dec, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-imagemagickubuntu_linuxn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-17885
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.89%
||
7 Day CHG~0.00%
Published-24 Dec, 2017 | 04:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-imagemagickubuntu_linuxn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2016-2369
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-5.9||MEDIUM
EPSS-3.14% / 87.21%
||
7 Day CHG~0.00%
Published-06 Jan, 2017 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxPidgin
Product-pidgindebian_linuxubuntu_linuxPidgin
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-17887
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 64.17%
||
7 Day CHG~0.00%
Published-24 Dec, 2017 | 04:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-imagemagickubuntu_linuxn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2016-1837
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.52% / 67.38%
||
7 Day CHG~0.00%
Published-20 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.McAfee, LLClibxml2 (XMLSoft)Red Hat, Inc.Debian GNU/Linux
Product-libxml2debian_linuxubuntu_linuxmac_os_xenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopweb_gatewayenterprise_linux_server_eusiphone_osenterprise_linux_server_austvoswatchosn/a
CWE ID-CWE-416
Use After Free
CVE-2016-1688
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-4.80% / 89.76%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromev8opensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1689
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.41% / 81.01%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1702
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.31% / 80.29%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1371
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.52% / 67.14%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.

Action-Not Available
Vendor-n/aCanonical Ltd.ClamAV
Product-clamavubuntu_linuxn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1285
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-68.97% / 98.66%
||
7 Day CHG~0.00%
Published-09 Mar, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEJuniper Networks, Inc.Internet Systems Consortium, Inc.SUSEDebian GNU/LinuxFedora Project
Product-srx2300ubuntu_linuxsrx345srx1600srx110fedorasrx5800srx300srx4700vsrxsrx380managersrx550_hmsrx550msrx650srx1400srx240mleapsrx3400srx4000srx100opensusesrx1500debian_linuxlinux_enterprise_desktopsrx340srx4100srx5600linux_enterprise_debuginfolinux_enterprise_serversrx320srx3600srx4300linux_enterprise_software_development_kitsrx4600srx240h2junossrx5000srx220manager_proxysrx4200bindsrx550srx5400srx210openstack_cloudsrx240n/a
CVE-2016-1836
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.31% / 80.25%
||
7 Day CHG~0.00%
Published-20 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.McAfee, LLClibxml2 (XMLSoft)Red Hat, Inc.Debian GNU/Linux
Product-libxml2debian_linuxubuntu_linuxmac_os_xenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopweb_gatewayenterprise_linux_server_eusiphone_osenterprise_linux_server_austvoswatchosn/a
CWE ID-CWE-416
Use After Free
CVE-2016-1654
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-3.06% / 87.05%
||
7 Day CHG~0.00%
Published-18 Apr, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterpriseleapchromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2073
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.51% / 81.63%
||
7 Day CHG~0.00%
Published-12 Feb, 2016 | 15:26
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.

Action-Not Available
Vendor-n/aCanonical Ltd.libxml2 (XMLSoft)Debian GNU/Linux
Product-debian_linuxubuntu_linuxlibxml2n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2191
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.74% / 83.00%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.

Action-Not Available
Vendor-optipngn/aCanonical Ltd.openSUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxoptipngleapopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2116
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.7||MEDIUM
EPSS-9.33% / 92.97%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.

Action-Not Available
Vendor-n/aJasPerCanonical Ltd.
Product-ubuntu_linuxjaspern/a
CVE-2017-18254
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 54.02%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 03:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-18271
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 53.19%
||
7 Day CHG~0.00%
Published-18 May, 2018 | 19:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-18236
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.87% / 75.74%
||
7 Day CHG~0.00%
Published-15 Mar, 2018 | 19:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.

Action-Not Available
Vendor-exempi_projectn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxexempidebian_linuxn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-9903
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 70.86%
||
7 Day CHG~0.00%
Published-21 Mar, 2019 | 17:42
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

Action-Not Available
Vendor-n/aFedora Projectfreedesktop.orgDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.
Product-ubuntu_linuxdebian_linuxenterprise_linux_server_ausenterprise_linuxfedoraenterprise_linux_eusenterprise_linux_server_tuspopplern/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 25
  • 26
  • Next
Details not found