Vulnerabilities (CVE)

Filtered by CWE-125
Total 8868 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-7456 2 Libgd, Php 2 Libgd, Php 2026-06-17 6.8 MEDIUM 7.6 HIGH
gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.
CVE-2013-3245 1 Videolan 1 Vlc Media Player 2026-06-16 6.8 MEDIUM 6.3 MEDIUM
plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine." A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flow
CVE-2013-2807 1 Rockwellautomation 1 Rslinx Enterprise 2026-06-16 7.8 HIGH 7.5 HIGH
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size” that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
CVE-2013-2805 1 Rockwellautomation 1 Rslinx Enterprise 2026-06-16 7.8 HIGH 7.5 HIGH
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
CVE-2013-0888 5 Apple, Google, Linux and 2 more 5 Mac Os X, Chrome, Linux Kernel and 2 more 2026-06-16 5.0 MEDIUM N/A
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads."
CVE-2013-0779 3 Canonical, Mozilla, Opensuse 6 Ubuntu Linux, Firefox, Seamonkey and 3 more 2026-06-16 9.3 HIGH N/A
The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2013-0778 3 Canonical, Mozilla, Opensuse 6 Ubuntu Linux, Firefox, Seamonkey and 3 more 2026-06-16 9.3 HIGH N/A
The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2013-0767 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Seamonkey and 11 more 2026-06-16 10.0 HIGH N/A
The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2012-5130 2 Google, Opensuse 2 Chrome, Opensuse 2026-06-16 5.0 MEDIUM N/A
Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2012-5110 1 Google 1 Chrome 2026-06-16 5.0 MEDIUM N/A
The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2012-5109 1 Google 1 Chrome 2026-06-16 5.0 MEDIUM N/A
The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression.
CVE-2012-4428 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2026-06-16 5.0 MEDIUM 7.5 HIGH
openslp: SLPIntersectStringList()' Function has a DoS vulnerability
CVE-2012-3995 4 Canonical, Mozilla, Redhat and 1 more 12 Ubuntu Linux, Firefox, Seamonkey and 9 more 2026-06-16 9.3 HIGH N/A
The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2012-1798 4 Debian, Imagemagick, Opensuse and 1 more 10 Debian Linux, Imagemagick, Opensuse and 7 more 2026-06-16 4.3 MEDIUM 6.5 MEDIUM
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.
CVE-2012-1571 2 Christos Zoulas, Tim Robbins 2 File, Libmagic 2026-06-16 4.3 MEDIUM 6.5 MEDIUM
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
CVE-2012-0259 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2026-06-16 4.3 MEDIUM 6.5 MEDIUM
The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.
CVE-2011-3970 3 Google, Suse, Xmlsoft 5 Chrome, Linux Enterprise Desktop, Linux Enterprise Server and 2 more 2026-06-16 4.3 MEDIUM N/A
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3963 1 Google 1 Chrome 2026-06-16 5.0 MEDIUM N/A
Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3962 1 Google 1 Chrome 2026-06-16 4.3 MEDIUM N/A
Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3960 1 Google 1 Chrome 2026-06-16 4.3 MEDIUM N/A
Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.