Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-5824

Summary
Assigner-Chrome
Assigner Org ID-ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At-27 Jun, 2019 | 16:13
Updated At-04 Aug, 2024 | 20:09
Rejected At-
Credits

Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Chrome
Assigner Org ID:ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At:27 Jun, 2019 | 16:13
Updated At:04 Aug, 2024 | 20:09
Rejected At:
▼CVE Numbering Authority (CNA)

Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected Products
Vendor
Google LLCGoogle
Product
Chrome
Versions
Affected
  • From unspecified before 74.0.3729.131 (custom)
Problem Types
TypeCWE IDDescription
textN/AParameter passing error
Type: text
CWE ID: N/A
Description: Parameter passing error
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://crbug.com/948564
x_refsource_MISC
https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
vendor-advisory
x_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
vendor-advisory
x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
vendor-advisory
x_refsource_FEDORA
https://www.debian.org/security/2019/dsa-4500
vendor-advisory
x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Aug/19
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://crbug.com/948564
Resource:
x_refsource_MISC
Hyperlink: https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html
Resource:
x_refsource_MISC
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://www.debian.org/security/2019/dsa-4500
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://seclists.org/bugtraq/2019/Aug/19
Resource:
mailing-list
x_refsource_BUGTRAQ
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://crbug.com/948564
x_refsource_MISC
x_transferred
https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html
x_refsource_MISC
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://www.debian.org/security/2019/dsa-4500
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://seclists.org/bugtraq/2019/Aug/19
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://crbug.com/948564
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://www.debian.org/security/2019/dsa-4500
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://seclists.org/bugtraq/2019/Aug/19
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:chrome-cve-admin@google.com
Published At:27 Jun, 2019 | 17:15
Updated At:07 Nov, 2023 | 03:12

Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Google LLC
google
>>chrome>>Versions before 74.0.3729.131(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
openSUSE
opensuse
>>backports>>sle-15
cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.0
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>42.3
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>29
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>30
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.htmlchrome-cve-admin@google.com
N/A
https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.htmlchrome-cve-admin@google.com
N/A
https://crbug.com/948564chrome-cve-admin@google.com
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/chrome-cve-admin@google.com
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/chrome-cve-admin@google.com
N/A
https://seclists.org/bugtraq/2019/Aug/19chrome-cve-admin@google.com
N/A
https://www.debian.org/security/2019/dsa-4500chrome-cve-admin@google.com
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://crbug.com/948564
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://seclists.org/bugtraq/2019/Aug/19
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://www.debian.org/security/2019/dsa-4500
Source: chrome-cve-admin@google.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7203Records found
CVE-2017-2986
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-38.11% / 97.12%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2862
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-5.69% / 90.20%
||
7 Day CHG~0.00%
Published-05 Sep, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxThe GNOME Project
Product-gdk-pixbufdebian_linuxGdk-Pixbuf
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3069
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.02% / 83.42%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3074
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.02% / 83.42%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2991
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.39% / 80.04%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3072
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.02% / 83.42%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3099
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.17% / 78.30%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 26.0.0.131 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2934
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-69.09% / 98.59%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2834
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-1.07% / 77.36%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-16 Sep, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability.

Action-Not Available
Vendor-FreeRDPDebian GNU/Linux
Product-freerdpdebian_linuxFreeRDP
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2992
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-38.11% / 97.12%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2931
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-67.94% / 98.54%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2887
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-1.66% / 81.73%
||
7 Day CHG~0.00%
Published-11 Oct, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.

Action-Not Available
Vendor-libsdlDebian GNU/LinuxTalos (Cisco Systems, Inc.)
Product-debian_linuxsdl_imageSimple Direct Media
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-10531
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 73.47%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 18:09
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

Action-Not Available
Vendor-icu-projectn/aCanonical Ltd.Node.js (OpenJS Foundation)Google LLCRed Hat, Inc.openSUSEFedora ProjectDebian GNU/LinuxOracle Corporation
Product-enterprise_linux_serverubuntu_linuxdebian_linuxchromeenterprise_linux_workstationfedorainternational_components_for_unicodebanking_extensibility_workbenchenterprise_linux_desktopnode.jsleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-2933
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-69.09% / 98.59%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2935
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-69.09% / 98.59%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2926
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.69%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0489
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.48% / 64.57%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 15:56
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Parse_data of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151096540

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2996
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.65% / 85.41%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2930
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-81.97% / 99.17%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2999
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.29% / 84.38%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.221 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2998
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.29% / 84.38%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.221 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2896
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.72%
||
7 Day CHG~0.00%
Published-20 Nov, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

Action-Not Available
Vendor-libxls_projectlibxlsDebian GNU/Linux
Product-debian_linuxlibxlslibxls
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2990
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.26% / 84.29%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2924
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-2.23% / 84.21%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxFreeXL (Alessandro Furieri)
Product-freexldebian_linuxFreeXL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2988
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-60.86% / 98.25%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2919
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-1.30% / 79.39%
||
7 Day CHG~0.00%
Published-20 Nov, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability

Action-Not Available
Vendor-libxls_projectlibxlsDebian GNU/Linux
Product-debian_linuxlibxlslibxls
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2928
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.25% / 86.83%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0138
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-5.52% / 90.04%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In get_element_attr_rsp of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if bluetoothtbd were used, which it isn't in typical Android platforms, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142878416

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0086
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 40.42%
||
7 Day CHG~0.00%
Published-15 Mar, 2020 | 21:15
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to arbitrary code execution if IntSan were not enabled, which it is by default. No additional execution privileges are required. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-131859347

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-3068
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-68.46% / 98.56%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0002
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.29% / 51.80%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 18:26
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142602711

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9956
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 73.46%
||
7 Day CHG~0.00%
Published-23 Mar, 2019 | 23:14
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2835
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.68% / 71.14%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability.

Action-Not Available
Vendor-FreeRDPDebian GNU/Linux
Product-freerdpdebian_linuxFreeRDP
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0321
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.76%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:51
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155171907

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2019-9382
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.76%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libeffects, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120874654

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0032
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-1.76% / 82.29%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:55
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-145364230

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9405
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.76%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112890225

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-0319
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.47%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 15:04
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137868765

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0245
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-4.10% / 88.34%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 15:29
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152496149

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0194
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.48% / 64.57%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143826590

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-0264
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.76%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:51
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-116718596

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-0478
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.47%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 15:54
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In extend_frame_lowbd of restoration.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150780418

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0449
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.29% / 51.80%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 12:52
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-162497143

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0190
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.89% / 75.16%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ideint_weave_blk of ideint_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140324890

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0168
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.48% / 64.57%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv of impeg2_format_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137798382

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9928
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-17.34% / 94.89%
||
7 Day CHG~0.00%
Published-24 Apr, 2019 | 14:48
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.

Action-Not Available
Vendor-gstreamer_projectn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxgstreamerdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0131
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.48% / 64.57%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds write due to incompletely initialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-151159638

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9200
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-5.30% / 89.79%
||
7 Day CHG~0.00%
Published-26 Feb, 2019 | 23:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.freedesktop.org
Product-ubuntu_linuxdebian_linuxpopplern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9303
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.76%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661057

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-9308
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.76%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661742

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 144
  • 145
  • Next
Details not found