SUSE CVE-2017-7378

The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted PDF document...

SUSE CVE-2017-7668

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to...

SUSE CVE-2017-7679

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modmime can read one byte past the end of a buffer when sending a malicious Content-Type response header...

SUSE CVE-2017-7697

In libsamplerate before 0.1.9, a buffer over-read occurs in the calcoutputsingle function in srcsinc.c via a crafted audio file...

SUSE CVE-2017-7885

Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service application crash or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2decodesymboldict function in jbig2symboldict.c in libjbig2dec.a during operation on a craft...

SUSE CVE-2017-8365

The i2lesarray function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted audio file...

SUSE CVE-2017-8393

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHTREL/SHRRELA sections are always named starting with a .rel/.rela prefix. This...

SUSE CVE-2017-8872

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service buffer over-read or information disclosure...

SUSE CVE-2017-9052

An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarfformsdata is due to a failure to check a pointer for being in bounds in a few places in this function and a failure in a check in dwarfattrlist...

SUSE CVE-2017-9055

An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarfformsdata a few data types were not checked for being in bounds, leading to a heap-based buffer over-read...

SUSE CVE-2017-9108

An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read would have done. Without this fix, adnshost may read...

SUSE CVE-2017-9128

The quicktimevideowidth function in lqtquicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted mp4 file...

SUSE CVE-2017-9164

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GETCOLOR function in color.c:16:11...

SUSE CVE-2017-9193

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:538:33...

SUSE CVE-2017-9351

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully...

SUSE CVE-2017-9726

The InsMDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly have unspecified other impact via a crafted document...

SUSE CVE-2017-9782

JasPer 2.0.12 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted image, related to the jp2decode function in libjasper/jp2/jp2dec.c...

SUSE CVE-2017-9865

The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service stack-based buffer over-read and application crash via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc...

SUSE CVE-2017-10982

An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in frdhcpdecodeoptions" and a denial of service...

SUSE CVE-2017-10987

An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in frdhcpdecodesuboptions" and a denial of service...