Lucene search
+L

10 matches found

vulnrichment
vulnrichment
added 2026/05/27 12:0 a.m.11 views

CVE-2026-38427

An issue in fetchjpg in xdrv10scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16t variable; values above 65535 wrap around, causing allocation of a smaller buffer than the data actually read...

6.2AI score0.00458EPSS
Exploits1References2
cvelist
cvelist
added 2026/05/27 12:0 a.m.44 views

CVE-2026-38427

An issue in fetchjpg in xdrv10scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16t variable; values above 65535 wrap around, causing allocation of a smaller buffer than the data actually read...

0.00458EPSS
Exploits1References2
cve
cve
added 2026/05/27 12:0 a.m.30 views

CVE-2026-38427

CVE-2026-38427 : In Tasmota up to 15.3.0.3, fetch_jpg() in xdrv_10_scripter.ino stores the JPEG Content-Length in a uint16_t. Values > 65535 wrap around, causing allocation of a smaller heap buffer than the data read and a heap buffer overflow. This enables a remote attacker over the network t...

7.3CVSS6.2AI score0.00458EPSS
Exploits1References2
nvd
nvd
added 2025/12/09 9:15 p.m.8 views

CVE-2021-47727

Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerability that allows remote attackers to access live video streams without authentication. Attackers can directly connect to RTP/RTSP or M-JPEG streams by requesting specific endpoints like p1.mjpg or p1.264 to view camera footage...

8.7CVSS0.00427EPSS
Exploits1References5
nvd
nvd
added 2024/08/15 9:15 p.m.16 views

CVE-2024-7868

In Xpdf 4.05 and earlier, invalid header info in a DCT JPEG stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address...

8.2CVSS0.00391EPSS
Exploits0References1
osv
osv
added 2024/08/15 9:15 p.m.8 views

UBUNTU-CVE-2024-7868

In Xpdf 4.05 and earlier, invalid header info in a DCT JPEG stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address...

8.2CVSS5.8AI score0.00391EPSS
Exploits0References2
cve
cve
added 2024/08/15 8:22 p.m.54 views

CVE-2024-7868

CVE-2024-7868 affects Xpdf 4.05 and earlier, where invalid header info in a DCT (JPEG) stream can trigger an uninitialized variable in the DCT decoder, with a proof-of-concept PDF causing a segfault. Fedora/Slackware advisories indicate the issue is addressed by upgrading to Xpdf 4.06; multiple a...

8.2CVSS6.4AI score0.00391EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2024/08/15 12:0 a.m.5 views

PT-2024-38645

Name of the Vulnerable Software and Affected Versions Xpdf versions 4.05 and earlier Description The issue arises from invalid header information in a DCT JPEG stream, leading to an uninitialized variable in the DCT decoder. This can cause a segfault when attempting to read from an invalid addres...

8.5CVSS4.3AI score0.00391EPSS
Exploits2References27
osv
osv
added 2006/08/03 1:4 a.m.2 views

DEBIAN-CVE-2006-3460

Heap-based buffer overflow in the JPEG decoder in the TIFF library libtiff before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size TiffScanLineSize...

7.5CVSS8.2AI score0.04338EPSS
Exploits1References1
debiancve
debiancve
added 2006/08/03 1:0 a.m.34 views

CVE-2006-3460

Heap-based buffer overflow in the JPEG decoder in the TIFF library libtiff before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size TiffScanLineSize...

7.5CVSS6.7AI score0.04338EPSS
Exploits1
Rows per page
Query Builder