Total
14048 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9156 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | N/A |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:303:12. | ||||
| CVE-2017-11330 | 1 Divfix | 1 Divfix\+\+ | 2025-04-20 | N/A |
| The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in DivFix++ v0.34 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted avi file. | ||||
| CVE-2016-5802 | 1 Delta Electronics | 3 Ispsoft, Pmsoft, Wplsoft | 2025-04-20 | N/A |
| An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software. | ||||
| CVE-2017-6438 | 1 Libplist Project | 1 Libplist | 2025-04-20 | N/A |
| Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code execution via a crafted plist file. | ||||
| CVE-2017-6439 | 1 Libplist Project | 1 Libplist | 2025-04-20 | N/A |
| Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) via a crafted plist file. | ||||
| CVE-2017-6440 | 1 Libplist Project | 1 Libplist | 2025-04-20 | N/A |
| The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. | ||||
| CVE-2017-8271 | 1 Google | 1 Android | 2025-04-20 | N/A |
| Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter. | ||||
| CVE-2017-7875 | 1 Feh Project | 1 Feh | 2025-04-20 | N/A |
| In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free. | ||||
| CVE-2017-7856 | 1 Libreoffice | 1 Libreoffice | 2025-04-20 | N/A |
| LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. | ||||
| CVE-2017-5884 | 3 Fedoraproject, Gnome, Redhat | 3 Fedora, Gtk-vnc, Enterprise Linux | 2025-04-20 | N/A |
| gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. | ||||
| CVE-2016-7392 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | 5.5 Medium |
| Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file. | ||||
| CVE-2017-7863 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | N/A |
| FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. | ||||
| CVE-2017-12955 | 1 Exiv2 | 1 Exiv2 | 2025-04-20 | N/A |
| There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact. | ||||
| CVE-2017-8923 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-20 | 9.8 Critical |
| The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. | ||||
| CVE-2017-8400 | 1 Swftools | 1 Swftools | 2025-04-20 | N/A |
| In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution. | ||||
| CVE-2017-1000255 | 3 Ibm, Linux, Redhat | 4 Powerpc Power8, Powerpc Power9, Linux Kernel and 1 more | 2025-04-20 | N/A |
| On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: "5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable. | ||||
| CVE-2017-5957 | 2 Qemu, Virglrenderer Project | 2 Qemu, Virglrenderer | 2025-04-20 | 5.5 Medium |
| Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument. | ||||
| CVE-2017-0638 | 1 Google | 1 Android | 2025-04-20 | N/A |
| A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High because it is a remote arbitrary code execution in an unprivileged process. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36368305. | ||||
| CVE-2016-10247 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2025-04-20 | 5.5 Medium |
| Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | ||||
| CVE-2017-1000363 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-20 | 7.8 High |
| Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line. | ||||