2835 matches found

OSV
added 2017/12/11 3:29 a.m. · 1 views

UBUNTU-CVE-2017-17506

In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file...

6.5 CVSS · 6.7 AI score · 0.00433 EPSS
Exploits: 1 · References: 5

OSV
added 2017/12/11 3:29 a.m. · 1 views

DEBIAN-CVE-2017-17506

In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file...

6.5 CVSS · 6.8 AI score · 0.00433 EPSS
Exploits: 1 · References: 1

OSV
added 2017/12/04 8:29 a.m. · 2 views

CVE-2017-17127

The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file...

6.5 CVSS · 5.8 AI score · 0.00399 EPSS
Exploits: 1 · References: 3

0day.today
added 2017/12/04 12:0 a.m. · 27 views

Axis Communications MPQT/PACS Heap Overflow / Information Leakage Vulnerabilities

Axis Communications MPQT/PACS suffers from heap overflow and information leakage vulnerabilities. STX
Subject: Axis Communications MPQT/PACS Heap Overflow and Information Leakage.
Attack vector: Remote
Authentication: Anonymous (no credentials needed)
Researcher: bashis (August 2017)
PoC:...

7.2 AI score
Exploits: 0

ossfuzz
added 2017/11/17 10:12 a.m. · 16 views

librawspeed/RawParserFuzzer-GetDecoder-Decode: Use-of-uninitialized-value in rawspeed::RawImageData::checkMemIsInitialized

Project: https://github.com/darktable-org/rawspeed.git
Detailed report: https://oss-fuzz.com/testcase?key=6696296816574464
Project: librawspeed
Fuzzer: libFuzzer_librawspeed_RawParserFuzzer-GetDecoder-Decode
Fuzz target binary: RawParserFuzzer-GetDecoder-Decode
Job Type: libfuzzer_msan_librawspeed...

6.7 AI score
Exploits: 0 · Affected Software: 1

OSV
added 2017/11/17 5:29 a.m. · 1 views

ALPINE-CVE-2017-1000158

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow and possible arbitrary code execution...

9.8 CVSS · 9.1 AI score · 0.0359 EPSS
Exploits: 0 · References: 1

OSV
added 2017/11/17 5:29 a.m. · 1 views

DEBIAN-CVE-2017-1000158

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow and possible arbitrary code execution...

9.8 CVSS · 9.6 AI score · 0.0359 EPSS
Exploits: 0 · References: 1

OSV
added 2017/11/13 5:29 p.m. · 1 views

DEBIAN-CVE-2017-16803

In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table out-of-bounds read and application crash) via a crafted Smacker stream...

7.5 CVSS · 7.5 AI score · 0.00676 EPSS
Exploits: 0 · References: 1

CNVD
added 2017/11/09 12:0 a.m. · 1 views

Ruby yajl-ruby gem denial of service vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. The yajl-ruby gem is a stream-based parsing library. A security vulnerability exists in the 'yajl_string_decode' function in the yajl_encode.c file in...

7.5 CVSS · 6.8 AI score · 0.01684 EPSS
Exploits: 1 · References: 1

ossfuzz
added 2017/10/23 8:26 a.m. · 13 views

librawspeed/FiffParserFuzzer-GetDecoder-Decode: Use-of-uninitialized-value in rawspeed::RawImageData::checkMemIsInitialized

Project: https://github.com/darktable-org/rawspeed.git
Detailed report: https://oss-fuzz.com/testcase?key=4955346603868160
Project: librawspeed
Fuzzer: libFuzzer_librawspeed_FiffParserFuzzer-GetDecoder-Decode
Fuzz target binary: FiffParserFuzzer-GetDecoder-Decode
Job Type: libfuzzer_msan_librawspeed...

6.7 AI score
Exploits: 0 · Affected Software: 1

ossfuzz
added 2017/10/12 9:53 a.m. · 12 views

librawspeed: Use-of-uninitialized-value in rawspeed::RawImageData::checkMemIsInitialized

Project: https://github.com/darktable-org/rawspeed.git
Detailed report: https://oss-fuzz.com/testcase?key=4923578240729088
Project: librawspeed
Fuzzer: libFuzzer_librawspeed_RawParserFuzzer-GetDecoder-Decode
Fuzz target binary: RawParserFuzzer-GetDecoder-Decode
Job Type: libfuzzer_msan_librawspeed...

6.7 AI score
Exploits: 0 · Affected Software: 1

OSV
added 2017/10/05 1:29 a.m. · 1 views

DEBIAN-CVE-2017-15025

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file...

5.5 CVSS · 6.5 AI score · 0.00261 EPSS
Exploits: 0 · References: 1

OSV
added 2017/10/05 1:29 a.m. · 1 views

UBUNTU-CVE-2017-15025

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file...

5.5 CVSS · 6.8 AI score · 0.00261 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2017/10/04 12:0 a.m. · 2 views

PT-2017-13821 · Lame +3

Name of the Vulnerable Software and Affected Versions: LAME version 3.99.5
Description: The issue is related to a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c. This occurs when processing a malformed mpg file, due to an incorrect calloc call...

9.8 CVSS · 6.3 AI score · 0.03175 EPSS
Exploits: 12 · References: 92

OSV
added 2017/09/30 1:29 a.m. · 1 views

DEBIAN-CVE-2017-14939

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to...

5.5 CVSS · 6.7 AI score · 0.02994 EPSS
Exploits: 3 · References: 1

OSV
added 2017/09/30 1:29 a.m. · 1 views

DEBIAN-CVE-2017-14930

Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file...

5.5 CVSS · 6.2 AI score · 0.00366 EPSS
Exploits: 0 · References: 1

OSV
added 2017/09/30 1:29 a.m. · 0 views

UBUNTU-CVE-2017-14939

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to...

5.5 CVSS · 7 AI score · 0.02994 EPSS
Exploits: 3 · References: 4

CNVD
added 2017/09/30 12:0 a.m. · 2 views

OpenExif Denial of Service Vulnerability

OpenExif is an object-oriented library for accessing JPEG image files in Exif format. A denial of service vulnerability exists in ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif, which could allow a remote attacker to cause a denial of service stack buffer over-reading and application...

5.5 CVSS · 5.5 AI score · 0.00248 EPSS
Exploits: 0 · References: 1

CNVD
added 2017/09/30 12:0 a.m. · 1 views

GNU Binutils Denial of Service Vulnerability (CNVD-2017-30068)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. The Binary File Descriptor (BFD) library used in GNU Binutils fails to handle length calculations correctly in decode_line_info in dwarf2.c. A remote...

5.5 CVSS · 6.9 AI score · 0.02994 EPSS
Exploits: 3 · References: 1

CNVD
added 2017/09/30 12:0 a.m. · 2 views

GNU Binutils Denial of Service Vulnerability (CNVD-2017-30072)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A denial of service vulnerability exists in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library used in GNU Binutils, which can be...

7.1 CVSS · 5.8 AI score · 0.00366 EPSS
Exploits: 0 · References: 1