The vulnerability of the exif_process_IFD_in_MAKERNOTE module in the PHP programming language, related to reading beyond buffer boundaries, allows attackers to cause service failures.

The vulnerability of the exifprocessIFDinMAKERNOTE module located in ext/exif/exif.c in the PHP programming language is related to incorrect image processing. Exploiting this vulnerability can allow a malicious actor to cause service failures through a specially created JPEG file...

UBUNTU-CVE-2019-10650

In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file...

PT-2019-4619 · Imagemagick +4 · Imagemagick +4

Name of the Vulnerable Software and Affected Versions: ImageMagick version 7.0.8-36 Q16 Description: The issue is related to a heap-based buffer over-read in the WriteTIFFImage function of coders/tiff.c. This allows an attacker to cause a denial of service or information disclosure via a crafted...

The vulnerability of the memslot_get_virt function in the Spice library, which allows a hacker to execute arbitrary code or cause a service denial.

The vulnerability of the memslotgetvirt function in the Spice library exists due to the reading of data beyond the specified buffer. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause service failures...

UBUNTU-CVE-2019-9936

In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5hash.c...

CVE-2019-6733

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2019-6735

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2019-6732

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2019-6728

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2019-6729

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of P...

UBUNTU-CVE-2019-3832

It was discovered the fix for CVE-2018-19758 libsndfile was not complete and still allows a read beyond the limits of a buffer in wavwriteheader function in wav.c. A local attacker may use this flaw to make the application crash...

The vulnerability of the WebGL component in the Chrome web browser allows a hacker to copy arbitrary files to the target directory.

The vulnerability of the WebGL component in the Chrome web browser is related to reading data beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to write arbitrary files to the target directory remotely...

The vulnerability of the ext4_extDropRefs() function in the Linux operating system allows a hacker to cause a service failure or execute arbitrary code.

The vulnerability of the ext4extDropRefs function in the Linux operating system relates to reading data beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code using a specially created ext4 file system image...

The vulnerability of the NTLM type-3 password creation function in the libcurl library allows a hacker to induce a service failure.

The vulnerability of the libcurl library is related to the issue of reading operations going beyond the buffer boundaries in the NTLM type-3 header creation function. This function generates the HTTP request header based on previously obtained data without checking the local buffer. Exploiting th...

The vulnerability of the NTLM type-2 function of the libcurl library, which allows a hacker to trigger a service failure

The vulnerability of NTLM type-2 in the libcurl library is related to incorrect validation of incoming data, which leads to reading beyond the buffer of dynamic memory. Exploiting this vulnerability allows a remote attacker to cause a service failure...

The vulnerability of the libcurl library, related to reading beyond the buffer boundaries of memory, allows an attacker to cause a service failure.

The vulnerability of the libcurl library relates to reading data beyond the buffer boundaries for SMTP communication. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

UBUNTU-CVE-2019-9631

Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsamplerowboxfilter function...

The vulnerability of Microsoft Excel spreadsheet editors, as well as Microsoft Office and Office 365 products, relates to reading data beyond the buffer in memory. This allows attackers to gain access to protected information.

The vulnerability of Microsoft Excel spreadsheet editors, as well as Microsoft Office and Office 365 products, stems from the reading of data beyond the buffer in memory. Exploitation of this vulnerability can allow an attacker to gain access to protected information by using a specially created...

PT-2019-5304 · Advancecomp +4 · Advancecomp +4

Name of the Vulnerable Software and Affected Versions: AdvanceCOMP version 2.1 Description: The issue is caused by an integer overflow in the png compress function in pngex.cc of the AdvanceCOMP utility. This overflow occurs when encountering an invalid PNG size, leading to an attempted memcpy in...

The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser, caused by an operation that goes beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser is caused by an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using a...