1010 matches found
CVE-2018-16770
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails...
CVE-2018-1000667
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crash of nasm when handling a crafted file) vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482 that can result in...
Hackers can compromise your network just by sending a Fax
What is the most a remote attacker can do with just your fax machine number? Believe it or not, your fax number is literally enough for a hacker to gain complete control over the printer and possibly infiltrate the rest of the network connected to it. Check Point researchers have revealed...
XnView Denial of Service Vulnerability (CNVD-2019-10272)
XnView is a multi-platform software that supports image viewing, conversion and editing. A denial of service vulnerability exists in XnView 2.45, which can be exploited by remote attackers to cause a denial of service via a specially crafted RLE file...
libgig heap buffer overflow vulnerability (CNVD-2018-15174)
libgig is a C++ library for loading, modifying existing and creating new Gigasampler .gig files and DLS downloadable sound level 1/2 files, KORG sample-based instruments .KSF and .KMP files, SoundFont v2 .sf2 files and AKAI sampler data. A heap-based buffer overflow vulnerability exists in the...
CVE-2018-11556
tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on a sample program using LIBTIFF and do not apply to t...
Cisco WebEx Business Suite meeting sites and WebEx Meetings sites WebEx Recording Format Player information disclosure vulnerability
Cisco WebEx Business Suite meeting sites and WebEx Meetings sites are video conferencing solutions from Cisco. WebEx Recording Format (WRF) Player is one of the players, which is mainly used to play the WRF...
CVE-2018-0288
A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a...
CVE-2017-12081
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the applicatio...
Microsoft Jet Database Engine Arbitrary Code Execution Vulnerability
Microsoft Windows 10, etc. are a series of operating systems released by Microsoft Corporation in the U.S. JET Database Engine is one of the underlying database engines. An arbitrary code execution vulnerability exists in Microsoft JET Database Engine. A remote attacker can exploit this...
Microsoft Excel Remote Code Execution Vulnerability (CNVD-2018-08761)
Microsoft Excel 2010 SP2, Excel 2013 RT SP1 and Excel 2013 SP1 are spreadsheet processing software in the Office suite of Microsoft Corporation USA. A remote code execution vulnerability exists in Microsoft Excel 2010 SP2, Excel 2013 RT SP1, and Excel 2013 SP1, which stems from the program failin...
CVE-2017-18233
An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file...
FFmpeg 'decode_frame' function denial of service vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'decode_frame' function in the libavcodec/utvideodec.c file in FFmpeg 3.4.1 and earlier versions. A remote attacker can exploit this vulnerability to...
PYSEC-2018-144
The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat
CVE-2017-12615 Usage: CVE-2017-1...
Computerinsel Photoline Code Execution Vulnerability
Computerinsel Photoline is a suite of image editing software. A code execution vulnerability exists in the .PCX parsing feature in Computerinsel Photoline version 20.02. An attacker can exploit this vulnerability by sending a .PCX file to execute code...
CVE-2017-15779
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at CADImage+0x00000000000034b0."...
CVE-2017-15762
IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001f31b."...
The vulnerability of the asf_read_marker function in the FFmpeg multimedia library allows an attacker to trigger memory consumption and service failure.
The vulnerability of the asf_read_marker function in the FFmpeg multimedia library is related to resource management errors. Exploiting this vulnerability can allow an attacker to induce memory consumption and service failures by using a specially created ASF file. Such files require a high value f...
CVE-2017-13142
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files...