Total
7075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9809 | 1 Gstreamer | 1 Gstreamer | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. | |||||
| CVE-2017-11669 | 1 Eapmd5pass Project | 1 Eapmd5pass | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic. | |||||
| CVE-2017-13042 | 1 Tcpdump | 1 Tcpdump | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print(). | |||||
| CVE-2017-14903 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload length is less than 7. | |||||
| CVE-2017-16358 | 1 Radare | 1 Radare2 | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search. | |||||
| CVE-2017-15368 | 1 Radare | 1 Radare2 | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call. | |||||
| CVE-2017-6347 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission. | |||||
| CVE-2017-5196 | 1 Irssi | 1 Irssi | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8. | |||||
| CVE-2017-16365 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the True Type2 Font parsing module. A corrupted cmap table input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | |||||
| CVE-2016-2375 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure. | |||||
| CVE-2015-8608 | 1 Perl | 1 Perl | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument. | |||||
| CVE-2017-9740 | 1 Artifex | 1 Ghostscript Ghostxps | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2017-6883 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. | |||||
| CVE-2017-12940 | 1 Rarlab | 1 Unrar | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. | |||||
| CVE-2017-11336 | 1 Exiv2 | 1 Exiv2 | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | |||||
| CVE-2017-12963 | 1 Libsass | 1 Libsass | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07-24). | |||||
| CVE-2017-16420 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is in the part of the JavaScript engine that handles annotation abstraction. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | |||||
| CVE-2017-5077 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient validation of untrusted input in Skia in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2017-7300 | 1 Gnu | 1 Binutils | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash. | |||||
| CVE-2017-13044 | 1 Tcpdump | 1 Tcpdump | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print(). | |||||