Search Results (23552 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-13090 3 Debian, Gnu, Redhat 3 Debian Linux, Wget, Enterprise Linux 2025-04-20 N/A
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.
CVE-2017-13134 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-13139 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2025-04-20 9.8 Critical
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
CVE-2017-13160 1 Google 1 Android 2025-04-20 N/A
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362.
CVE-2017-13168 2 Canonical, Google 2 Ubuntu Linux, Android 2025-04-20 N/A
An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.
CVE-2017-13817 1 Apple 1 Mac Os X 2025-04-20 N/A
An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions.
CVE-2017-13875 1 Apple 1 Mac Os X 2025-04-20 N/A
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
CVE-2017-13878 1 Apple 1 Mac Os X 2025-04-20 N/A
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash).
CVE-2017-13999 1 We-con 1 Levi Studio Hmi Editor 2025-04-20 N/A
A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio HMI Editor v1.8.1 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory; the attacker may then be able to crash the application or run arbitrary code.
CVE-2017-14016 1 Advantech 1 Webaccess 2025-04-20 N/A
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.
CVE-2017-14034 1 Libbpg Project 1 Libbpg 2025-04-20 N/A
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact.
CVE-2017-14039 2 Debian, Uclouvain 2 Debian Linux, Openjpeg 2025-04-20 8.8 High
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
CVE-2017-14041 2 Debian, Uclouvain 2 Debian Linux, Openjpeg 2025-04-20 8.8 High
A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2017-14633 3 Canonical, Debian, Xiph.org 3 Ubuntu Linux, Debian Linux, Libvorbis 2025-04-20 6.5 Medium
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
CVE-2017-14643 1 Bento4 1 Bento4 2025-04-20 N/A
The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4_BytesToUInt32BE in Core/Ap4Utils.h.
CVE-2017-14645 1 Bento4 1 Bento4 2025-04-20 N/A
A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. The vulnerability causes an application crash, which leads to remote denial of service.
CVE-2017-14646 1 Axiosys 1 Bento4 2025-04-20 N/A
The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.
CVE-2017-14682 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.
CVE-2017-14729 1 Gnu 1 Binutils 2025-04-20 N/A
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
CVE-2017-14731 1 Libofx Project 1 Libofx 2025-04-20 N/A
ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call.