6849 matches found
SUSE CVE-2016-4303
The parsestring function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service crash or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...
SUSE CVE-2016-4579
Libksba before 1.3.4 allows remote attackers to cause a denial of service out-of-bounds read and crash via unspecified vectors, related to the "returned length of the object from ksbaberparsetl."...
SUSE CVE-2016-5301
The parsechunkheader function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service crash via a crafted 1 HTTP response or possibly a 2 UPnP broadcast...
SUSE CVE-2016-6254
Heap-based buffer overflow in the parsepacket function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via a crafted network packet...
SUSE CVE-2016-9436
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag...
SUSE CVE-2016-9809
Off-by-one error in the gsth264parsesetcaps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read...
SUSE CVE-2016-9813
The parsepat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted file...
SUSE CVE-2016-10198
The gstaacparsesinksetcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service invalid memory read and crash via a crafted audio file...
SUSE CVE-2016-10397
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parseurl...
SUSE CVE-2016-10907
An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755parsedt...
SUSE CVE-2017-2870
An exploitable integer overflow vulnerability exists in the tiffimageparse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability...
SUSE CVE-2017-5483
The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1parse...
SUSE CVE-2017-5834
The parsedictnode function in bplist.c in libplist allows attackers to cause a denial of service out-of-bounds heap read and crash via a crafted file...
SUSE CVE-2017-5840
The qtdemuxparsesamples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds heap read via vectors involving the current stts index...
SUSE CVE-2017-6309
An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parsefile function. These might lead to invalid read and write operations, controlled by an attacker...
SUSE CVE-2017-6435
The parsestringnode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service memory corruption via a crafted plist file...
SUSE CVE-2017-6436
The parsestringnode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service memory allocation error via a crafted plist file...
SUSE CVE-2017-6440
The parsedatanode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service memory allocation error via a crafted plist file...
SUSE CVE-2017-6439
Heap-based buffer overflow in the parsestringnode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service out-of-bounds write via a crafted plist file...
SUSE CVE-2017-6887
A boundary error within the "parsetiffifd" function internal/dcrawcommon.cpp in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs...