| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file. |
| Stack-based buffer overflow in the get_remote_video_port_media function in call.cpp in SIPp 3.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SIP message. NOTE: some of these details are obtained from third party information. |
| Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. |
| The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. |
| Heap-based buffer overflow in Lhaplus before 1.57 allows remote attackers to execute arbitrary code via a long comment field in a ZOO archive. |
| Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL. |
| Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151. |
| Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr. |
| Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message. |
| Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag. |
| Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c. |
| Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third party information. |
| Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field. |
| Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the xvidcore library in Xvid before 1.2.2, as used by Windows Media Player and other applications, allow remote attackers to execute arbitrary code by providing a crafted macroblock (aka MBlock) number in a video stream in a crafted movie file that triggers heap memory corruption, related to a "missing resync marker range check" and the (1) decoder_iframe, (2) decoder_pframe, and (3) decoder_bframe functions. |
| Stack-based buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted HTTP request. |
| Buffer overflow in Uploadlist in eMule X-Ray before 1.4 has unknown impact and remote attack vectors. |
| Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors. |
| Buffer overflow in the FTP service on the Tandberg MXP F7.0 allows remote attackers to cause a denial of service (process crash or device reboot) or possibly execute arbitrary code via a long USER command, as demonstrated by a command ending with many space characters. |
| Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption. |
| Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable. |
