Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-5146

Summary
Assigner-mozilla
Assigner Org ID-f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At-11 Jun, 2018 | 21:00
Updated At-05 Aug, 2024 | 05:26
Rejected At-
Credits

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mozilla
Assigner Org ID:f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At:11 Jun, 2018 | 21:00
Updated At:05 Aug, 2024 | 05:26
Rejected At:
â–¼CVE Numbering Authority (CNA)

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

Affected Products
Vendor
Mozilla CorporationMozilla
Product
Firefox
Versions
Affected
  • From unspecified before 59.0.1 (custom)
Vendor
Mozilla CorporationMozilla
Product
Firefox ESR
Versions
Affected
  • From unspecified before 52.7.2 (custom)
Vendor
Mozilla CorporationMozilla
Product
Thunderbird
Versions
Affected
  • From unspecified before 52.7 (custom)
Problem Types
TypeCWE IDDescription
textN/AOut of bounds memory write in libvorbis
Type: text
CWE ID: N/A
Description: Out of bounds memory write in libvorbis
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2018:0549
vendor-advisory
x_refsource_REDHAT
https://usn.ubuntu.com/3604-1/
vendor-advisory
x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4143
vendor-advisory
x_refsource_DEBIAN
https://security.gentoo.org/glsa/201811-13
vendor-advisory
x_refsource_GENTOO
https://lists.debian.org/debian-lts-announce/2018/03/msg00022.html
mailing-list
x_refsource_MLIST
https://usn.ubuntu.com/3545-1/
vendor-advisory
x_refsource_UBUNTU
https://usn.ubuntu.com/3599-1/
vendor-advisory
x_refsource_UBUNTU
https://www.mozilla.org/security/advisories/mfsa2018-09/
x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
mailing-list
x_refsource_MLIST
https://www.debian.org/security/2018/dsa-4155
vendor-advisory
x_refsource_DEBIAN
https://www.mozilla.org/security/advisories/mfsa2018-08/
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0648
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0647
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1058
vendor-advisory
x_refsource_REDHAT
http://www.securitytracker.com/id/1040544
vdb-entry
x_refsource_SECTRACK
https://bugzilla.mozilla.org/show_bug.cgi?id=1446062
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103432
vdb-entry
x_refsource_BID
https://www.debian.org/security/2018/dsa-4140
vendor-advisory
x_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html
mailing-list
x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:0649
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0549
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://usn.ubuntu.com/3604-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://www.debian.org/security/2018/dsa-4143
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://security.gentoo.org/glsa/201811-13
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00022.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://usn.ubuntu.com/3545-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://usn.ubuntu.com/3599-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-09/
Resource:
x_refsource_CONFIRM
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://www.debian.org/security/2018/dsa-4155
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-08/
Resource:
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0648
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0647
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1058
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securitytracker.com/id/1040544
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1446062
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/103432
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.debian.org/security/2018/dsa-4140
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0649
Resource:
vendor-advisory
x_refsource_REDHAT
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2018:0549
vendor-advisory
x_refsource_REDHAT
x_transferred
https://usn.ubuntu.com/3604-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://www.debian.org/security/2018/dsa-4143
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://security.gentoo.org/glsa/201811-13
vendor-advisory
x_refsource_GENTOO
x_transferred
https://lists.debian.org/debian-lts-announce/2018/03/msg00022.html
mailing-list
x_refsource_MLIST
x_transferred
https://usn.ubuntu.com/3545-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://usn.ubuntu.com/3599-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://www.mozilla.org/security/advisories/mfsa2018-09/
x_refsource_CONFIRM
x_transferred
https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
mailing-list
x_refsource_MLIST
x_transferred
https://www.debian.org/security/2018/dsa-4155
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://www.mozilla.org/security/advisories/mfsa2018-08/
x_refsource_CONFIRM
x_transferred
https://access.redhat.com/errata/RHSA-2018:0648
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:0647
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:1058
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securitytracker.com/id/1040544
vdb-entry
x_refsource_SECTRACK
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1446062
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/103432
vdb-entry
x_refsource_BID
x_transferred
https://www.debian.org/security/2018/dsa-4140
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html
mailing-list
x_refsource_MLIST
x_transferred
https://access.redhat.com/errata/RHSA-2018:0649
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0549
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://usn.ubuntu.com/3604-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://www.debian.org/security/2018/dsa-4143
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201811-13
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00022.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://usn.ubuntu.com/3545-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://usn.ubuntu.com/3599-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-09/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://www.debian.org/security/2018/dsa-4155
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-08/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0648
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0647
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1058
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securitytracker.com/id/1040544
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1446062
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/103432
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.debian.org/security/2018/dsa-4140
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0649
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mozilla.org
Published At:11 Jun, 2018 | 21:29
Updated At:25 Nov, 2025 | 17:50

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_eus>>7.4
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_eus>>7.5
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_eus>>7.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.4
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>17.10
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>Versions before 52.7.2(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>Versions before 59.0.1(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>Versions before 52.7.0(exclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/103432security@mozilla.org
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040544security@mozilla.org
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:0549security@mozilla.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0647security@mozilla.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0648security@mozilla.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0649security@mozilla.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1058security@mozilla.org
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1446062security@mozilla.org
Issue Tracking
Permissions Required
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/03/msg00022.htmlsecurity@mozilla.org
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/03/msg00029.htmlsecurity@mozilla.org
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/04/msg00033.htmlsecurity@mozilla.org
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201811-13security@mozilla.org
Third Party Advisory
https://usn.ubuntu.com/3545-1/security@mozilla.org
Third Party Advisory
https://usn.ubuntu.com/3599-1/security@mozilla.org
Third Party Advisory
https://usn.ubuntu.com/3604-1/security@mozilla.org
Third Party Advisory
https://www.debian.org/security/2018/dsa-4140security@mozilla.org
Third Party Advisory
https://www.debian.org/security/2018/dsa-4143security@mozilla.org
Third Party Advisory
https://www.debian.org/security/2018/dsa-4155security@mozilla.org
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-08/security@mozilla.org
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-09/security@mozilla.org
Vendor Advisory
http://www.securityfocus.com/bid/103432af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040544af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:0549af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0647af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0648af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0649af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1058af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1446062af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Permissions Required
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/03/msg00022.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/03/msg00029.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/04/msg00033.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201811-13af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://usn.ubuntu.com/3545-1/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://usn.ubuntu.com/3599-1/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://usn.ubuntu.com/3604-1/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2018/dsa-4140af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2018/dsa-4143af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2018/dsa-4155af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-08/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-09/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/103432
Source: security@mozilla.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1040544
Source: security@mozilla.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0549
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0647
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0648
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0649
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1058
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1446062
Source: security@mozilla.org
Resource:
Issue Tracking
Permissions Required
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00022.html
Source: security@mozilla.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
Source: security@mozilla.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html
Source: security@mozilla.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201811-13
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/3545-1/
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/3599-1/
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/3604-1/
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2018/dsa-4140
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2018/dsa-4143
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2018/dsa-4155
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-08/
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-09/
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/103432
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1040544
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0549
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0647
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0648
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0649
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1058
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1446062
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Permissions Required
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00022.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201811-13
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/3545-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/3599-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/3604-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2018/dsa-4140
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2018/dsa-4143
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2018/dsa-4155
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-08/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2018-09/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

4498Records found
CVE-2020-12762
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.28% / 51.66%
||
7 Day CHG~0.00%
Published-09 May, 2020 | 00:00
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

Action-Not Available
Vendor-json-cn/aFedora ProjectSiemens AGCanonical Ltd.Debian GNU/Linux
Product-sinec_insdebian_linuxubuntu_linuxjson-cfedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1942
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-1.58% / 81.95%
||
7 Day CHG+0.12%
Published-31 May, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectApple Inc.VimDebian GNU/Linux
Product-fedoradebian_linuxvimmacosvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1619
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.1||MEDIUM
EPSS-2.86% / 86.54%
||
7 Day CHG~0.00%
Published-08 May, 2022 | 00:00
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in function cmdline_erase_chars in vim/vim

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution

Action-Not Available
Vendor-NetApp, Inc.VimFedora ProjectDebian GNU/LinuxApple Inc.
Product-debian_linuxvimhci_management_nodefedoramacossolidfirevim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-13428
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-7.48% / 91.95%
||
7 Day CHG~0.00%
Published-08 Jun, 2020 | 18:13
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.

Action-Not Available
Vendor-n/aVideoLANDebian GNU/Linux
Product-vlc_media_playerdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1304
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.66% / 71.64%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 20:05
Updated-23 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Action-Not Available
Vendor-e2fsprogs_projectn/aFedora ProjectRed Hat, Inc.
Product-e2fsprogsenterprise_linuxfedorae2fsprogs
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0261
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.96%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-mac_os_xdebian_linuxvimmacosvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0359
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.1||MEDIUM
EPSS-0.18% / 39.96%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-macosdebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0392
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.1||MEDIUM
EPSS-0.16% / 36.89%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-macosdebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0417
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-0.33% / 56.45%
||
7 Day CHG~0.00%
Published-01 Feb, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0572
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-1.77% / 83.00%
||
7 Day CHG~0.00%
Published-13 Feb, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectApple Inc.VimDebian GNU/Linux
Product-fedoradebian_linuxvimmacosvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0213
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 35.13%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 00:00
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-VimDebian GNU/Linux
Product-debian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0361
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-0.20% / 41.95%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-macosdebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0629
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-5.29% / 90.21%
||
7 Day CHG~0.00%
Published-17 Feb, 2022 | 00:00
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in vim/vim

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/LinuxApple Inc.
Product-vimdebian_linuxmacosfedoravim/vim
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-11958
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.46% / 64.57%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 00:37
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.

Action-Not Available
Vendor-re2cn/aCanonical Ltd.
Product-ubuntu_linuxre2cn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5029
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.23% / 79.55%
||
7 Day CHG-0.03%
Published-24 Apr, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncRed Hat, Inc.libxml2 (XMLSoft)Microsoft CorporationDebian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationlibxsltenterprise_linux_desktopwindowsmacoschromeandroidlinux_kernelGoogle Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0408
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-30 Jan, 2022 | 00:00
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in vim/vim

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectVimDebian GNU/Linux
Product-vimdebian_linuxfedoravim/vim
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-10531
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 74.27%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 18:09
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

Action-Not Available
Vendor-icu-projectn/aCanonical Ltd.Node.js (OpenJS Foundation)Google LLCRed Hat, Inc.openSUSEFedora ProjectDebian GNU/LinuxOracle Corporation
Product-enterprise_linux_serverubuntu_linuxdebian_linuxchromeenterprise_linux_workstationfedorainternational_components_for_unicodebanking_extensibility_workbenchenterprise_linux_desktopnode.jsleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-21148
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-22.31% / 95.94%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 15:30
Updated-24 Oct, 2025 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Debian GNU/LinuxGoogle LLCFedora Project
Product-fedoradebian_linuxchromeChromeChromium V8
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9928
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-16.75% / 95.08%
||
7 Day CHG~0.00%
Published-24 Apr, 2019 | 14:48
Updated-17 Mar, 2026 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.

Action-Not Available
Vendor-gstreamern/aCanonical Ltd.Debian GNU/Linux
Product-debian_linuxubuntu_linuxgstreamern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-4058
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.75% / 82.94%
||
7 Day CHG-0.67%
Published-23 Dec, 2021 | 00:45
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9956
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 74.26%
||
7 Day CHG~0.00%
Published-23 Mar, 2019 | 23:14
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9077
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 53.06%
||
7 Day CHG~0.00%
Published-24 Feb, 2019 | 00:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.

Action-Not Available
Vendor-n/aF5, Inc.GNUNetApp, Inc.Canonical Ltd.
Product-ubuntu_linuxtraffix_signaling_delivery_controllerelement_softwarebinutilsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9075
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 51.05%
||
7 Day CHG~0.00%
Published-24 Feb, 2019 | 00:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.

Action-Not Available
Vendor-n/aF5, Inc.GNUNetApp, Inc.Canonical Ltd.
Product-ubuntu_linuxbig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_local_traffic_managerbig-ip_domain_name_systembig-ip_policy_webacceleratorbig-ip_application_security_managerbinutilssolidfirebig-ip_edge_gatewaybig-ip_link_controllerhci_management_nodebig-ip_access_policy_managerbig-ip_advanced_firewall_managern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8907
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.53% / 67.63%
||
7 Day CHG~0.00%
Published-18 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.

Action-Not Available
Vendor-file_projectn/aCanonical Ltd.openSUSEDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfileleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9278
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-3.75% / 88.26%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774

Action-Not Available
Vendor-n/aCanonical Ltd.Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxandroidfedoraleapAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-9200
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.44% / 87.74%
||
7 Day CHG~0.00%
Published-26 Feb, 2019 | 23:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.freedesktop.org
Product-ubuntu_linuxdebian_linuxpopplern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7659
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.64% / 70.99%
||
7 Day CHG~0.00%
Published-09 Feb, 2019 | 14:00
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag.

Action-Not Available
Vendor-genivian/aDebian GNU/Linux
Product-gsoapdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7637
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.21% / 87.29%
||
7 Day CHG~0.00%
Published-08 Feb, 2019 | 11:00
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.

Action-Not Available
Vendor-libsdln/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedorasimple_directmedia_layerleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6245
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.61% / 70.31%
||
7 Day CHG~0.00%
Published-13 Jan, 2019 | 00:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. In the function agg::cell_aa::not_equal, dx is assigned to (x2 - x1). If dx >= dx_limit, which is (16384 << poly_subpixel_shift), this function will call itself recursively. There can be a situation where (x2 - x1) is always bigger than dx_limit during the recursion, leading to continual stack consumption.

Action-Not Available
Vendor-antigrainsvgppn/aDebian GNU/Linux
Product-aggdebian_linuxsvgppn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5820
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 82.40%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-29989
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.52% / 67.23%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 19:12
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5831
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.03% / 84.15%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5836
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.77% / 83.00%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5807
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 82.40%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6212
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.51% / 66.93%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Canonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxtvossafariwindowsicloudiTunes for WindowsiCloud for WindowsSafariiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5817
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.09% / 78.36%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEDebian GNU/LinuxFedora ProjectMicrosoft Corporation
Product-debian_linuxchromefedorawindowsbackportsleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5821
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 82.40%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-5806
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 82.40%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEDebian GNU/LinuxFedora ProjectMicrosoft Corporation
Product-debian_linuxchromefedorawindowsbackportsleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-5813
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 82.40%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5824
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.56% / 81.87%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5808
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.81% / 86.42%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5827
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-4.96% / 89.87%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Canonical Ltd.Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-45078
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.51%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 19:37
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Action-Not Available
Vendor-n/aRed Hat, Inc.GNUNetApp, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxontap_select_deploy_administration_utilityfedoraenterprise_linuxbinutilsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5772
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.31% / 80.20%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5761
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.18% / 79.13%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Fedora ProjectGoogle LLC
Product-enterprise_linux_serverchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5764
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.44% / 81.12%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45911
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 54.38%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 00:01
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.

Action-Not Available
Vendor-gif2apng_projectn/aDebian GNU/Linux
Product-gif2apngdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5760
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.44% / 81.12%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-1978
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.44% / 87.74%
||
7 Day CHG~0.00%
Published-12 Dec, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.

Action-Not Available
Vendor-n/aThe GNOME ProjectGIMPRed Hat, Inc.
Product-gimpglibenterprise_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5782
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-74.83% / 98.88%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 89
  • 90
  • Next
Details not found