SUSE CVE-2017-6439

Heap-based buffer overflow in the parsestringnode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service out-of-bounds write via a crafted plist file...

SUSE CVE-2017-6440

The parsedatanode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service memory allocation error via a crafted plist file...

SUSE CVE-2017-6887

A boundary error within the "parsetiffifd" function internal/dcrawcommon.cpp in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs...

SUSE CVE-2017-7853

In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msgosipbodyparse function defined in osipparser2/osipmessageparse.c, resulting in a remote DoS...

SUSE CVE-2017-8105

FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1decoderparsecharstrings function in psaux/t1decode.c...

SUSE CVE-2017-9228

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitsetsetrange during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect...

SUSE CVE-2017-9454

Buffer overflow in the aresparseareply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service out-of-bounds-read via a crafted DNS response...

SUSE CVE-2017-11112

In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the appendacs function of tinfo/parseentry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data...

SUSE CVE-2017-11113

In ncurses 6.0, there is a NULL Pointer Dereference in the ncparseentry function of tinfo/parseentry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data...

SUSE CVE-2017-11362

In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformatparse.c does not restrict the locale length, which allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact within International...

SUSE CVE-2017-11626

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite...

SUSE CVE-2017-12961

There is an assertion abort in the function parseattributes in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service...

SUSE CVE-2017-12987

The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-80211.c:parseelements...

SUSE CVE-2017-13740

There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact...

SUSE CVE-2017-16643

The parsehidreportdescriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service out-of-bounds read and system crash or possibly have unspecified other impact via a crafted USB device...

SUSE CVE-2018-0202

clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format .pdf...

SUSE CVE-2018-5686

In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdfparsearray function pdf/pdf-parse.c because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file...

SUSE CVE-2018-5813

An error within the "parseminolta" function dcraw/dcraw.c in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file...

SUSE CVE-2018-5818

An error within the "parserollei" function internal/dcrawcommon.cpp within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop...

SUSE CVE-2018-5819

An error within the "parsesinaria" function internal/dcrawcommon.cpp within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources...