Total
7075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5054 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page. | |||||
| CVE-2017-9728 | 1 Uclibc | 1 Uclibc | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression. | |||||
| CVE-2017-8310 | 1 Videolan | 1 Vlc Media Player | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file. | |||||
| CVE-2017-12452 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file. | |||||
| CVE-2016-10028 | 1 Qemu | 1 Qemu | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0. | |||||
| CVE-2017-11119 | 1 Nosefart Project | 1 Nosefart | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a in Nosefart 2.9-mls allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted nsf file. | |||||
| CVE-2016-7527 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
| CVE-2017-17787 | 3 Canonical, Debian, Gimp | 3 Ubuntu Linux, Debian Linux, Gimp | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c. | |||||
| CVE-2016-10197 | 2 Debian, Libevent Project | 2 Debian Linux, Libevent | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. | |||||
| CVE-2017-5846 | 1 Gstreamer Project | 1 Gstreamer | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file. | |||||
| CVE-2017-15319 | 1 Huawei | 10 Rp200, Rp200 Firmware, Te30 and 7 more | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. | |||||
| CVE-2017-3053 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of the APP13 segment in JPEG files. | |||||
| CVE-2017-11570 | 1 Fontforge | 1 Fontforge | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted otf file. | |||||
| CVE-2017-8454 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. | |||||
| CVE-2017-8258 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver. | |||||
| CVE-2017-13009 | 1 Tcpdump | 1 Tcpdump | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). | |||||
| CVE-2017-9620 | 1 Artifex | 1 Ghostscript Ghostxps | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function. | |||||
| CVE-2017-12957 | 1 Exiv2 | 1 Exiv2 | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service. | |||||
| CVE-2017-16384 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the exif processing module for a PNG file (during XPS conversion). Invalid input leads to a computation where pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | |||||
| CVE-2017-11668 | 1 Eapmd5pass Project | 1 Eapmd5pass | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic. | |||||