5931 matches found
Internet Bug Bounty: CVE-2017-8798 - miniupnp getHTTPResponse chunked encoding integer signedness error
Integer signedness error in miniupnpc 1 allows remote attackers to cause a denial of service condition access violation and heap corruption via specially crafted HTTP response An integer signedness error was found in miniupnp's miniwget allowing an unauthenticated remote entity typically located ...
PoDoFo Denial of Service Vulnerability (CNVD-2017-07617)
PoDoFo is an open source , written in C++ using the PDF file format library . A denial of service vulnerability exists in the 'PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry' function in the base/PdfXRefStreamParserObject.cpp file in PoDoFo version 0.9.5. ' function is vulnerable to a...
Apache Httpd < 2.4.26 : ap_find_token() Buffer Overread
The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force...
Apache Httpd < 2.2.34 : ap_find_token() Buffer Overread
The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force...
The vulnerability of the Linux operating system, which allows a perpetrator to trigger a service failure or cause other effects
The vulnerability in the driver drivers/net/can/usb/gsusb.c of the Linux operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a local attacker to improperly interact with the CONFIGVMAPSTACK parameter, resulting in a...
DEBIAN-CVE-2017-8393
The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHTREL/SHRRELA sections are always named starting with a .rel/.rela prefix. This...
UBUNTU-CVE-2017-8393
The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHTREL/SHRRELA sections are always named starting with a .rel/.rela prefix. This...
DEBIAN-CVE-2016-10350
The archivereadformatcabreadheader function in archivereadsupportformatcab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted file...
ALPINE-CVE-2017-8365
The i2lesarray function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted audio file...
ALPINE-CVE-2017-8363
The flacbuffercopy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted audio file...
The vulnerabilities in programs for viewing and editing PDF files such as Adobe Reader, Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, and Adobe Acrobat allow attackers to breach the confidentiality of information.
The vulnerabilities of PDF viewing and editing programs such as Adobe Reader, Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, and Adobe Acrobat are related to reading beyond the buffer limit and memory leaks resulting from parsing segment APP13 into JPEG files. Exploiting these...
The vulnerabilities in programs for viewing and editing PDF files such as Adobe Reader, Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, and Adobe Acrobat allow attackers to breach the confidentiality of information.
The vulnerability of image conversion tools for viewing and editing PDF files, such as Adobe Reader, Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, and Adobe Acrobat, is related to reading beyond the buffer limit and memory leaks caused by parsing EMF format files. Exploiting this...
libcroco 'cr_input_new_from_uri' function denial of service vulnerability
libcroco is a CSS2 parsing library. A security vulnerability exists in the 'crinputnewfromuri' function in the cr-input.c file in libcroco versions 0.6.11 and 0.6.12. A remote attacker can exploit this vulnerability to cause a denial of service heap buffer out-of-bounds read with the help of a...
The vulnerability of the Mac OS X operating system allows a perpetrator to trigger a service failure or obtain confidential information.
The vulnerability of the Menus component in the Mac OS X operating system arises from reading data beyond the specified buffer limit. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information or cause a service failure reading beyond the...
The vulnerability of the Mac OS X operating system and the iOS operating system allows attackers to trigger service interruptions or obtain confidential information.
The vulnerability of the FontParser component in the Mac OS X and iOS operating systems arises from reading beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to obtain confidential information or cause a service failure such as reading beyond the memory limit or...
The vulnerability of the FreeType library, which allows a perpetrator to trigger a service failure or cause other effects
The vulnerability of the parsecharstrings function in the type1/t1load.c file of the FreeType library does not guarantee that the font contains the glyph’s name. This vulnerability arises from reading beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cau...
UBUNTU-CVE-2017-7697
In libsamplerate before 0.1.9, a buffer over-read occurs in the calcoutputsingle function in srcsinc.c via a crafted audio file...
DEBIAN-CVE-2017-7697
In libsamplerate before 0.1.9, a buffer over-read occurs in the calcoutputsingle function in srcsinc.c via a crafted audio file...
PT-2017-17839 · Red Hat +3 · Elfutils +3
Name of the Vulnerable Software and Affected Versions: elfutils version 0.168 Description: The issue allows remote attackers to cause a denial of service, resulting in a heap-based buffer over-read and application crash, via a crafted ELF file. This is due to the ebl object note type name functio...
UBUNTU-CVE-2016-10271
tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service heap-based buffer over-read and buffer overflow or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tiffax3.c:413:13...