Vulnerabilities (CVE)

Filtered by CWE-119
Total 12305 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-11571 1 Fontforge 1 Fontforge 2025-04-20 6.8 MEDIUM 7.8 HIGH
FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file.
CVE-2017-9047 1 Xmlsoft 1 Libxml2 2025-04-20 5.0 MEDIUM 7.5 HIGH
A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.
CVE-2017-7056 2 Apple, Microsoft 7 Icloud, Iphone Os, Itunes and 4 more 2025-04-20 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-12969 1 Avaya 1 Ip Office Contact Center 2025-04-20 6.8 MEDIUM 8.8 HIGH
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.
CVE-2017-2377 1 Apple 2 Iphone Os, Safari 2025-04-20 5.0 MEDIUM 7.5 HIGH
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action during a debugger-pause state.
CVE-2016-7926 1 Tcpdump 1 Tcpdump 2025-04-20 7.5 HIGH 9.8 CRITICAL
The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().
CVE-2016-8687 2 Libarchive, Opensuse 2 Libarchive, Leap 2025-04-20 5.0 MEDIUM 7.5 HIGH
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.
CVE-2017-5119 2 Debian, Google 2 Debian Linux, Chrome 2025-04-20 4.3 MEDIUM 4.3 MEDIUM
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2017-8181 1 Huawei 2 Mtk Platform Smart Phone, Mtk Platform Smart Phone Firmware 2025-04-20 6.8 MEDIUM 7.8 HIGH
The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a arbitrary memory write vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special privilege and sends a specific parameter to the driver of the smart phone, causing privilege escalation.
CVE-2017-11640 1 Imagemagick 1 Imagemagick 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.
CVE-2016-7594 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-20 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ICU" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-11278 1 Adobe 1 Digital Editions 2025-04-20 5.0 MEDIUM 7.5 HIGH
Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2017-9775 3 Debian, Freedesktop, Redhat 8 Debian Linux, Poppler, Enterprise Linux Desktop and 5 more 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
CVE-2016-5321 2 Libtiff, Opensuse 2 Libtiff, Opensuse 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.
CVE-2017-0548 1 Google 1 Android 2025-04-20 7.1 HIGH 5.5 MEDIUM
A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605.
CVE-2017-13800 1 Apple 1 Mac Os X 2025-04-20 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-9872 1 Lame Project 1 Lame 2025-04-20 6.8 MEDIUM 7.8 HIGH
The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
CVE-2014-9819 1 Imagemagick 1 Imagemagick 2025-04-20 6.8 MEDIUM 7.8 HIGH
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.
CVE-2017-11696 1 Mozilla 1 Network Security Services 2025-04-20 4.6 MEDIUM 7.8 HIGH
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVE-2017-5705 1 Intel 1 Manageability Engine Firmware 2025-04-20 7.2 HIGH 7.8 HIGH
Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.