Total
2907 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7867 | 2 Debian, Icu-project | 2 Debian Linux, International Components For Unicode | 2025-04-20 | N/A |
| International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. | ||||
| CVE-2017-9038 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
| GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets. | ||||
| CVE-2016-8706 | 2 Memcached, Redhat | 2 Memcached, Enterprise Linux | 2025-04-20 | N/A |
| An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | ||||
| CVE-2017-9726 | 2 Artifex, Debian | 2 Ghostscript Ghostxps, Debian Linux | 2025-04-20 | N/A |
| The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | ||||
| CVE-2016-8705 | 2 Memcached, Redhat | 3 Memcached, Enterprise Linux, Mobile Application Platform | 2025-04-20 | N/A |
| Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | ||||
| CVE-2016-2148 | 3 Busybox, Canonical, Debian | 3 Busybox, Ubuntu Linux, Debian Linux | 2025-04-20 | 9.8 Critical |
| Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. | ||||
| CVE-2017-13758 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. | ||||
| CVE-2017-13090 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Wget, Enterprise Linux | 2025-04-20 | N/A |
| The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer. | ||||
| CVE-2015-8983 | 1 Gnu | 1 Glibc | 2025-04-20 | N/A |
| Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. | ||||
| CVE-2016-2226 | 1 Gnu | 1 Libiberty | 2025-04-20 | N/A |
| Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow. | ||||
| CVE-2017-8363 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2025-04-20 | N/A |
| The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | ||||
| CVE-2017-10989 | 1 Sqlite | 1 Sqlite | 2025-04-20 | N/A |
| The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. | ||||
| CVE-2015-8958 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file. | ||||
| CVE-2016-4796 | 2 Fedoraproject, Uclouvain | 2 Fedora, Openjpeg | 2025-04-20 | N/A |
| Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. | ||||
| CVE-2016-7535 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 6.5 Medium |
| coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file. | ||||
| CVE-2014-9835 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. | ||||
| CVE-2014-9833 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file. | ||||
| CVE-2014-9819 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 7.8 High |
| Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823. | ||||
| CVE-2016-10270 | 1 Libtiff | 1 Libtiff | 2025-04-20 | N/A |
| LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22. | ||||
| CVE-2017-7870 | 2 Libreoffice, Redhat | 2 Libreoffice, Enterprise Linux | 2025-04-20 | N/A |
| LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. | ||||