The vulnerability of the gtbl document editing tool from the groff package, related to errors in pointer arithmetic, allows a perpetrator to trigger a service failure.

The vulnerability of the gtbl document editing tool from the groff package is related to errors in pointer manipulation at address 0x0000000000409400. Exploiting this vulnerability could allow an attacker to cause a service failure by passing a specially crafted file as an argument to the command...

The vulnerability of the __strlen_sse2_pminub function in the infotocap utility from the ncurses-bin package allows a hacker to cause a service failure.

The vulnerability of the strlensse2pminub function located in the file sysdeps/x8664/multiarch/strlen-sse2-pminub.S:39 in the infotocap utility from the ncurses-bin package is related to errors in pointer arithmetic. Exploiting this vulnerability could allow an attacker to cause a system failure ...

UBUNTU-CVE-2019-1010302

jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 showIPTC. The attack vector is: the victim must open a specially crafted JPEG file...

The vulnerability of the Windows Jet Database Engine database management system allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows Jet Database Engine database management system relates to operations that go beyond the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...

libpng: use-after-free in png_image_free in png.c

A vulnerability was found in libpng where a use-after-free issue exists in the pngimagefree function within png.c. This vulnerability can be exploited by persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service...

Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability

In early March, we discovered a cyberattack that used an exploit for CVE-2018-20250, an old WinRAR vulnerability disclosed just several weeks prior, and targeted organizations in the satellite and communications industry. A complex attack chain incorporating multiple code execution techniques...

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Microsoft Office is an office software suite product. A remote code execution vulnerability exists in Microsoft Office Access Connectivity Engine. An attacker can exploit the vulnerability to execute arbitrary code via a constructed file...

The vulnerability of the Jet Database Engine database management system in the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the Jet Database Engine database management system in the Windows operating system arises from an operation that goes beyond the buffer in memory. Exploiting this vulnerability allows a attacker to execute arbitrary code using a specially crafted file...

AdvanceCOMP Invalid Memory Access Vulnerability

AdvanceCOMP is a set of cross-platform command-line data compression tools. An invalid memory access vulnerability exists in the advpngunfilter8 function in png.c in AdvanceCOMP 2.1. An attacker can exploit this vulnerability to cause a denial of service segmentation error or possibly other impac...

The vulnerability of the Microsoft JET Database Engine database driver on the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the Microsoft JET Database Engine database driver for the Windows operating system exists due to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...

The vulnerability of the Microsoft Windows Codecs library in the Windows operating system allows a hacker to gain access to confidential information.

The vulnerability of the Microsoft Windows Codecs library in the Windows operating system is related to errors in memory object handling mechanisms. Exploiting this vulnerability can allow an attacker to access confidential information through a specially crafted image file...

Microsoft Word Remote Code Execution Vulnerability (CNVD-2019-14465)

Microsoft Word is a word processor application developed by Microsoft. A remote code execution vulnerability exists in Microsoft Word that stems from the software's failure to properly handle objects in memory and can be exploited by an attacker using a specially crafted file to perform an...

Jet Database Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...

Xxe

FreeCol version = nightly-2018-08-22 contains a XML External Entity XXE vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file...

The vulnerability of Microsoft Excel’s spreadsheet editor, related to errors in memory object handling, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Excel editors is related to errors in memory object handling. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code with user privileges using a specially crafted file...

CVE-2018-19130

In Libav 12.3, there is an invalid memory access in vc1decodeframe in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127...

The vulnerability of Adobe Acrobat and Adobe Reader PDF viewer/editor programs, related to writing beyond the buffer in memory, allows a perpetrator to execute arbitrary code.

The vulnerability of Adobe Acrobat and Adobe Reader PDF viewer/editor programs lies in the writing of data beyond the buffer limit in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created XPS file...

CVE-2018-18024

In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file...

CVE-2018-17828

Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. dot dot in a zip file, because of the function unzzipcat in the bins/unzzipcat-mem.c file...

PYSEC-2018-137

Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service heap-based buffer overflow via a crafted image file...