Total
2524 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2339 | 1 Ruby-lang | 1 Ruby | 2025-04-20 | N/A |
| An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow. | ||||
| CVE-2017-11339 | 1 Exiv2 | 1 Exiv2 | 2025-04-20 | N/A |
| There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | ||||
| CVE-2017-11533 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. | ||||
| CVE-2017-11540 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c. | ||||
| CVE-2016-7533 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 6.5 Medium |
| The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file. | ||||
| CVE-2016-9556 | 3 Debian, Imagemagick, Opensuse Project | 3 Debian Linux, Imagemagick, Leap | 2025-04-20 | N/A |
| The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. | ||||
| CVE-2016-7532 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 6.5 Medium |
| coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | ||||
| CVE-2016-9773 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556. | ||||
| CVE-2017-1000112 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux, Enterprise Mrg and 5 more | 2025-04-20 | 7.0 High |
| Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005. | ||||
| CVE-2017-7611 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2025-04-20 | N/A |
| The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | ||||
| CVE-2017-7610 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2025-04-20 | N/A |
| The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | ||||
| CVE-2016-9298 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image. | ||||
| CVE-2017-7607 | 1 Elfutils Project | 1 Elfutils | 2025-04-20 | N/A |
| The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | ||||
| CVE-2013-7459 | 2 Dlitz, Fedoraproject | 2 Pycrypto, Fedora | 2025-04-20 | N/A |
| Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. | ||||
| CVE-2017-14497 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-20 | 7.8 High |
| The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls. | ||||
| CVE-2017-11572 | 1 Fontforge | 1 Fontforge | 2025-04-20 | N/A |
| FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file. | ||||
| CVE-2016-8704 | 2 Memcached, Redhat | 3 Memcached, Enterprise Linux, Mobile Application Platform | 2025-04-20 | N/A |
| An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | ||||
| CVE-2017-15020 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
| dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read. | ||||
| CVE-2016-8678 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64." | ||||
| CVE-2016-10093 | 1 Libtiff | 1 Libtiff | 2025-04-20 | N/A |
| Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow. | ||||