Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-19143

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Sep, 2021 | 14:25
Updated At-04 Aug, 2024 | 14:08
Rejected At-
Credits

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Sep, 2021 | 14:25
Updated At:04 Aug, 2024 | 14:08
Rejected At:
▼CVE Numbering Authority (CNA)

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://bugzilla.maptools.org/show_bug.cgi?id=2851
x_refsource_MISC
https://gitlab.com/libtiff/libtiff/-/issues/158
x_refsource_MISC
https://gitlab.com/libtiff/libtiff/-/merge_requests/119
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20211004-0005/
x_refsource_CONFIRM
https://www.debian.org/security/2021/dsa-4997
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://bugzilla.maptools.org/show_bug.cgi?id=2851
Resource:
x_refsource_MISC
Hyperlink: https://gitlab.com/libtiff/libtiff/-/issues/158
Resource:
x_refsource_MISC
Hyperlink: https://gitlab.com/libtiff/libtiff/-/merge_requests/119
Resource:
x_refsource_MISC
Hyperlink: https://security.netapp.com/advisory/ntap-20211004-0005/
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.debian.org/security/2021/dsa-4997
Resource:
vendor-advisory
x_refsource_DEBIAN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://bugzilla.maptools.org/show_bug.cgi?id=2851
x_refsource_MISC
x_transferred
https://gitlab.com/libtiff/libtiff/-/issues/158
x_refsource_MISC
x_transferred
https://gitlab.com/libtiff/libtiff/-/merge_requests/119
x_refsource_MISC
x_transferred
https://security.netapp.com/advisory/ntap-20211004-0005/
x_refsource_CONFIRM
x_transferred
https://www.debian.org/security/2021/dsa-4997
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://bugzilla.maptools.org/show_bug.cgi?id=2851
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://gitlab.com/libtiff/libtiff/-/issues/158
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://gitlab.com/libtiff/libtiff/-/merge_requests/119
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20211004-0005/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.debian.org/security/2021/dsa-4997
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Sep, 2021 | 15:15
Updated At:30 Nov, 2021 | 19:38

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
simplesystems
simplesystems
>>libtiff>>4.0.10
cpe:2.3:a:simplesystems:libtiff:4.0.10:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bugzilla.maptools.org/show_bug.cgi?id=2851cve@mitre.org
Issue Tracking
Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/158cve@mitre.org
Issue Tracking
Patch
Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/merge_requests/119cve@mitre.org
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20211004-0005/cve@mitre.org
Third Party Advisory
https://www.debian.org/security/2021/dsa-4997cve@mitre.org
Third Party Advisory
Hyperlink: http://bugzilla.maptools.org/show_bug.cgi?id=2851
Source: cve@mitre.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://gitlab.com/libtiff/libtiff/-/issues/158
Source: cve@mitre.org
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://gitlab.com/libtiff/libtiff/-/merge_requests/119
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20211004-0005/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2021/dsa-4997
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2100Records found
CVE-2014-1523
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.54% / 66.61%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSERed Hat, Inc.Fedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_eusfirefoxenterprise_linux_server_eusthunderbirddebian_linuxenterprise_linux_server_ausfedoraseamonkeyfirefox_esrubuntu_linuxenterprise_linux_desktopopensusesuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_workstationn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-2857
Matching Score-10
Assigner-GitLab Inc.
ShareView Details
Matching Score-10
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 14.75%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 00:00
Updated-15 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

Action-Not Available
Vendor-Wireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkWireshark
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-27841
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.56%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 17:18
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.

Action-Not Available
Vendor-uclouvainn/aOracle CorporationFedora ProjectDebian GNU/Linux
Product-openjpegdebian_linuxfedoraoutside_in_technologyopenjpeg
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-22033
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.04% / 76.56%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 18:42
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43253
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.22%
||
7 Day CHG~0.00%
Published-02 Nov, 2022 | 00:00
Updated-02 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-debian_linuxlibde265n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43252
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.22%
||
7 Day CHG~0.00%
Published-02 Nov, 2022 | 00:00
Updated-02 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-debian_linuxlibde265n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43241
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.35%
||
7 Day CHG~0.00%
Published-02 Nov, 2022 | 00:00
Updated-05 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-libde265debian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43243
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.22%
||
7 Day CHG~0.00%
Published-02 Nov, 2022 | 00:00
Updated-05 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-libde265debian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43240
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.22%
||
7 Day CHG~0.00%
Published-02 Nov, 2022 | 00:00
Updated-05 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-libde265debian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43239
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.97%
||
7 Day CHG~0.00%
Published-02 Nov, 2022 | 00:00
Updated-05 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-libde265debian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43248
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.22%
||
7 Day CHG~0.00%
Published-02 Nov, 2022 | 00:00
Updated-02 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-debian_linuxlibde265n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43236
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.97%
||
7 Day CHG~0.00%
Published-02 Nov, 2022 | 00:00
Updated-02 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-debian_linuxlibde265n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43242
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.61%
||
7 Day CHG~0.00%
Published-02 Nov, 2022 | 00:00
Updated-05 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-libde265debian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43249
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.61%
||
7 Day CHG~0.00%
Published-02 Nov, 2022 | 00:00
Updated-02 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-debian_linuxlibde265n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-19144
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 49.46%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 14:25
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'.

Action-Not Available
Vendor-simplesystemsn/aNetApp, Inc.Debian GNU/Linux
Product-ontap_select_deploy_administration_utilitylibtiffdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43244
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.35%
||
7 Day CHG~0.00%
Published-02 Nov, 2022 | 00:00
Updated-05 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-libde265debian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21533
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.25%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 20:27
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.

Action-Not Available
Vendor-xfig_projectn/aDebian GNU/Linux
Product-fig2devdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0741
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-42.54% / 97.37%
||
7 Day CHG-0.59%
Published-23 Jan, 2024 | 13:48
Updated-30 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/Linux
Product-firefoxfirefox_esrdebian_linuxthunderbirdThunderbirdFirefoxFirefox ESR
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21529
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.04%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.

Action-Not Available
Vendor-xfig_projectn/aDebian GNU/Linux
Product-fig2devdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21599
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.69%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-debian_linuxlibde265n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-21675
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.97%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 20:19
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format.

Action-Not Available
Vendor-fig2dev_projectn/aDebian GNU/Linux
Product-fig2devdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-19189
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.68% / 81.44%
||
7 Day CHG-0.27%
Published-22 Aug, 2023 | 00:00
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Action-Not Available
Vendor-n/aNetApp, Inc.GNUDebian GNU/Linux
Product-debian_linuxactive_iq_unified_managerncursesn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-16287
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.68% / 70.70%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:07
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxArtifex Software Inc.
Product-ubuntu_linuxdebian_linuxghostscriptn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-12221
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.89% / 82.44%
||
7 Day CHG~0.00%
Published-20 May, 2019 | 16:33
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.

Action-Not Available
Vendor-libsdln/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxsdl2_imagedebian_linuxfedorabackports_slesimple_directmedia_layerleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-16289
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.89% / 74.60%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:07
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxArtifex Software Inc.
Product-ubuntu_linuxdebian_linuxghostscriptn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-16309
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.68% / 70.70%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:09
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxArtifex Software Inc.
Product-ubuntu_linuxdebian_linuxghostscriptn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-16589
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 33.42%
||
7 Day CHG-0.05%
Published-09 Dec, 2020 | 00:00
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.

Action-Not Available
Vendor-openexrn/aDebian GNU/Linux
Product-openexrdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-16296
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.69% / 70.93%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:08
Updated-24 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aArtifex Software Inc.Debian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxghostscriptdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-16300
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.68% / 70.70%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:08
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxArtifex Software Inc.
Product-ubuntu_linuxdebian_linuxghostscriptn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-16305
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.76% / 72.30%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:09
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxArtifex Software Inc.
Product-ubuntu_linuxdebian_linuxghostscriptn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-16308
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.68% / 70.70%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:09
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxArtifex Software Inc.
Product-ubuntu_linuxdebian_linuxghostscriptn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-17538
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.69% / 70.93%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:10
Updated-24 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aArtifex Software Inc.Debian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxghostscriptdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15999
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-93.15% / 99.79%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 00:00
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-freetypeNetApp, Inc.Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxontap_select_deploy_administration_utilityfreetypechromefedorabackports_sleChromeChrome FreeType
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-12216
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.09% / 76.99%
||
7 Day CHG~0.00%
Published-20 May, 2019 | 16:32
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.

Action-Not Available
Vendor-libsdln/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxsdl2_imagedebian_linuxfedorasimple_directmedia_layern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-11474
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.67% / 81.37%
||
7 Day CHG~0.00%
Published-23 Apr, 2019 | 13:55
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.Debian GNU/LinuxGraphicsMagickopenSUSE
Product-ubuntu_linuxdebian_linuxfedorabackports_slegraphicsmagickleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-682
Incorrect Calculation
CVE-2022-3627
Matching Score-10
Assigner-GitLab Inc.
ShareView Details
Matching Score-10
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.73%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.

Action-Not Available
Vendor-LibTIFFNetApp, Inc.Debian GNU/Linux
Product-libtiffdebian_linuxactive_iq_unified_managerlibtiff
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-1010301
Matching Score-10
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-10
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 33.51%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 17:10
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.

Action-Not Available
Vendor-jhead_projectjheadDebian GNU/LinuxFedora Project
Product-jheaddebian_linuxfedorajhead
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-11764
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.49% / 64.68%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 22:41
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxCanonical Ltd.openSUSEFedora ProjectApple Inc.
Product-ubuntu_linuxitunesiphone_osdebian_linuxipadostvoswatchosfedoramac_os_xopenexricloudleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7877
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.54% / 66.74%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 18:00
Updated-16 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data. A Crafted input will lead to a denial of service attack.

Action-Not Available
Vendor-libmingn/aDebian GNU/Linux
Product-libmingdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7873
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.38% / 79.53%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 18:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack.

Action-Not Available
Vendor-libmingn/aDebian GNU/Linux
Product-libmingdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-11763
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.36% / 57.63%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 22:41
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxCanonical Ltd.openSUSEFedora ProjectApple Inc.
Product-ubuntu_linuxitunesiphone_osdebian_linuxipadostvoswatchosfedoramac_os_xopenexricloudleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-7867
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 67.38%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 18:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A Crafted input will lead to a denial of service attack.

Action-Not Available
Vendor-libmingn/aDebian GNU/Linux
Product-libmingdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-6123
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.98% / 82.80%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 19:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-6187
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 56.63%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 10:00
Updated-11 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxArtifex Software Inc.
Product-debian_linuxmupdfn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36410
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.14%
||
7 Day CHG~0.00%
Published-10 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-debian_linuxlibde265n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5800
Matching Score-10
Assigner-Flexera Software LLC
ShareView Details
Matching Score-10
Assigner-Flexera Software LLC
CVSS Score-6.5||MEDIUM
EPSS-2.26% / 83.96%
||
7 Day CHG~0.00%
Published-07 Dec, 2018 | 22:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

Action-Not Available
Vendor-librawn/aCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxlibrawdebian_linuxenterprise_linux_workstationenterprise_linux_desktopLibRaw
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-193
Off-by-one Error
CVE-2021-36054
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-0.24% / 47.64%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 14:33
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP Toolkit SDK Heap-based Buffer Overflow in the PSD_MetaHandler::CacheFileData Could Lead To Application Denial Of Service

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-xmp_toolkit_software_development_kitdebian_linuxXMP Toolkit
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-2598
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.78%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Write to API in vim/vim

Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.

Action-Not Available
Vendor-VimDebian GNU/Linux
Product-debian_linuxvimvim/vim
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5268
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.34% / 55.74%
||
7 Day CHG~0.00%
Published-08 Jan, 2018 | 05:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.

Action-Not Available
Vendor-opencvn/aDebian GNU/Linux
Product-debian_linuxopencvn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9209
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.48% / 64.26%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 04:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.

Action-Not Available
Vendor-n/aCanonical Ltd.Wireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkubuntu_linuxdebian_linuxleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-193
Off-by-one Error
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 41
  • 42
  • Next
Details not found