Search Results (8702 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-9054 1 Libdwarf Project 1 Libdwarf 2025-04-20 9.8 Critical
An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read.
CVE-2017-9074 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2025-04-20 7.8 High
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.
CVE-2017-9110 1 Openexr 1 Openexr 2025-04-20 N/A
In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.
CVE-2017-9116 1 Openexr 1 Openexr 2025-04-20 N/A
In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.
CVE-2017-9117 2 Canonical, Libtiff 2 Ubuntu Linux, Libtiff 2025-04-20 4 Medium
In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release).
CVE-2017-9195 1 Autotrace Project 1 Autotrace 2025-04-20 N/A
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27.
CVE-2016-7975 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-04-20 N/A
The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().
CVE-2017-9611 2 Artifex, Debian 2 Ghostscript, Debian Linux 2025-04-20 7.8 High
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9985 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2025-04-20 7.8 High
The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
CVE-2017-10983 2 Freeradius, Redhat 2 Freeradius, Enterprise Linux 2025-04-20 N/A
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
CVE-2017-11334 3 Debian, Qemu, Redhat 4 Debian Linux, Qemu, Enterprise Linux and 1 more 2025-04-20 4.4 Medium
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
CVE-2017-5356 2 Debian, Irssi 2 Debian Linux, Irssi 2025-04-20 N/A
Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]).
CVE-2017-5484 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-04-20 N/A
The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().
CVE-2017-5505 1 Jasper Project 1 Jasper 2025-04-20 N/A
The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
CVE-2017-16362 1 Adobe 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more 2025-04-20 N/A
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack.
CVE-2017-5847 2 Debian, Gstreamer Project 2 Debian Linux, Gstreamer 2025-04-20 7.5 High
The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.
CVE-2017-9770 1 Razerzone 1 Razer Synapse 2025-04-20 N/A
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse that can cause an out of bounds read operation to occur due to a field within the IOCTL data being used as a length.
CVE-2016-10161 2 Php, Redhat 2 Php, Rhel Software Collections 2025-04-20 N/A
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.
CVE-2017-6347 1 Linux 1 Linux Kernel 2025-04-20 7.8 High
The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.
CVE-2017-6437 1 Libplist Project 1 Libplist 2025-04-20 N/A
The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file.