6689 matches found
CVE-2017-2870
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted TIFF file can cause a heap overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability...
UBUNTU-CVE-2017-2870
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted TIFF file can cause a heap overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability...
DEBIAN-CVE-2017-13731
There is an illegal address access in the function postprocess_termcap in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack...
UBUNTU-CVE-2017-13731
There is an illegal address access in the function postprocess_termcap in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack...
UBUNTU-CVE-2017-12961
There is an assertion abort in the function parse_attributes in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service...
DEBIAN-CVE-2017-12961
There is an assertion abort in the function parse_attributes in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service...
Microsoft Edge Chakra Failed Re-Parse
Microsoft Edge: Chakra: InterpreterStackFrame::ProcessLinkFailedAsmJsModule incorrectly re-parses (CVE-2017-8645). When Chakra fails to link an asm.js module, it tries to re-parse the failed-to-link asm.js function to treat it as a normal JavaScript function. But it incorrectly handles the case where...
Ledger 'ledger::parse_date_mask_routine' function buffer overflow vulnerability
Ledger is an accounting system written by software developer John Wiegley that supports UNIX commands. A security vulnerability in the 'ledger::parse_date_mask_routine' function in the Ledger times.cc file allows remote attackers to exploit the vulnerability by submitting a special file for denial o...
DEBIAN-CVE-2017-12482
The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file...
UBUNTU-CVE-2017-12482
The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file...
DEBIAN-CVE-2017-12418
ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c...
AZL-7263 CVE-2017-11551 affecting package libid3tag 0.15.1b-33
The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file...
ALPINE-CVE-2017-11551
The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file...
PT-2017-12095 · Underbit +2 · Libid3Tag +2
Name of the Vulnerable Software and Affected Versions: libid3tag version 0.15.1b. Description: The issue allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file. This is due to a problem in the id3 field parse function in field.c. Recommendations: For libid3tag version...
Remote Code Execution (RCE)
Symfony is vulnerable to remote code execution (RCE) attacks. The Yaml::parse function allows attackers to execute PHP code through a PHP file...
Remote Code Execution (RCE)
Symfony is vulnerable to remote code execution (RCE). A malicious user can pass a serialized PHP object to the Yaml::parse or Yaml\Parser::parse functions to inject and execute arbitrary code...
reSIProcate 'SdpContents::Session::Medium::parse' function denial of service vulnerability
reSIProcate is a C++ implementation of protocols such as SIP (Session Initiation Protocol), ICE (P2P Communication Protocol) and TURN (Profile Transfer Protocol). A security vulnerability exists in the 'SdpContents::Session::Medium::parse' function of the resip/stack/SdpContents.cxx file in reSIProcate...
DEBIAN-CVE-2017-11626
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite...
CVE-2017-11464
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero...
Design/Logic Flaw
The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections...