Vulnerabilities (CVE)

Filtered by CWE-119
Total 12305 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-16869 1 Upx 1 Upx 2025-04-20 6.8 MEDIUM 7.8 HIGH
p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever.
CVE-2017-7019 2 Apple, Microsoft 7 Icloud, Iphone Os, Itunes and 4 more 2025-04-20 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit Page Loading" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2016-9264 1 Libming 1 Libming 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.
CVE-2016-10324 1 Gnu 1 Osip 2025-04-20 7.5 HIGH 9.8 CRITICAL
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c.
CVE-2017-6416 1 Flexense 1 Sysgauge 2025-04-20 7.5 HIGH 9.8 CRITICAL
An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
CVE-2017-7051 1 Apple 1 Mac Os X 2025-04-20 7.9 HIGH 8.0 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-5342 1 Tcpdump 1 Tcpdump 2025-04-20 7.5 HIGH 9.8 CRITICAL
In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().
CVE-2017-11840 1 Microsoft 4 Chakracore, Edge, Windows 10 and 1 more 2025-04-20 7.6 HIGH 7.5 HIGH
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
CVE-2017-3116 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-20 9.3 HIGH 8.8 HIGH
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code execution.
CVE-2017-7741 1 Libsndfile Project 1 Libsndfile 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
CVE-2017-14308 1 Stdutility 1 Stdu Viewer 2025-04-20 4.6 MEDIUM 7.8 HIGH
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ddd."
CVE-2017-2696 1 Huawei 2 Y6ii, Y6ii Firmware 2025-04-20 9.3 HIGH 7.8 HIGH
The emerg_data driver in CAM-L21C10B130 and earlier versions, CAM-L21C185B141 and earlier versions has a buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege.
CVE-2017-11043 1 Google 1 Android 2025-04-20 9.3 HIGH 7.8 HIGH
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a WiFI driver function, an integer overflow leading to heap buffer overflow may potentially occur.
CVE-2017-11935 1 Microsoft 1 Office 2025-04-20 9.3 HIGH 7.8 HIGH
Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".
CVE-2014-9846 5 Canonical, Imagemagick, Opensuse and 2 more 11 Ubuntu Linux, Imagemagick, Leap and 8 more 2025-04-20 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
CVE-2017-7127 2 Apple, Microsoft 6 Icloud, Iphone Os, Mac Os X and 3 more 2025-04-20 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. iCloud before 7.0 on Windows is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "SQLite" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-0340 1 Google 1 Android 2025-04-20 9.3 HIGH 7.8 HIGH
An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote code execution. This issue is rated as High. Product: Android. Version: N/A. Android ID: A-33968204. References: N-CVE-2017-0340.
CVE-2016-4691 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-20 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
CVE-2017-15803 2 Microsoft, Xnview 2 Windows, Xnview 2025-04-20 6.8 MEDIUM 7.8 HIGH
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000150."
CVE-2017-11798 1 Microsoft 3 Edge, Windows 10, Windows Server 2016 2025-04-20 7.6 HIGH 7.5 HIGH
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.