CVE-2017-11190

unrarlib.c in unrar-free 0.0.1, when DEBUGLOG mode is enabled, might allow remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via an RAR archive containing a long filename...

CVE-2017-11190

CVE-2017-11190 affects unrarlib.c in unrar-free 0.0.1; when _DEBUG_LOG is enabled, processing a RAR archive with a very long filename can cause a stack-based buffer overflow, potentially crashing the application or causing other impact. The available sources describe the vulnerability, its trigge...

Fatek Automation PLC Ethernet Module Configuration Tool Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fatek Automation PLC Ethernet Module Configuration Tool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

EulerOS 2.0 SP2 : gd (EulerOS-SA-2017-1128)

According to the version of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Integer signedness error in the dynamicGetbuf function in gdiodp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP before 5.6.28 and...

SUSE SLED12 / SLES12 Security Update : Recommended update for ncurses (SUSE-SU-2017:1815-1)

This update for ncurses fixes the following issues: Security issues fixed : - CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmtentry function. bsc1046858 - CVE-2017-10685: Possible RCE with format string vulnerability in the fmtentry function. bsc1046853 Bugfixes : - Drop...

CVE-2017-9629

Schneider Electric Wonderware ArchestrA Logger (versions 2017.426.2307.1 and earlier) contains a stack-based buffer overflow vulnerability (CVE-2017-9629). The issue could allow a remote attacker to execute arbitrary code in the context of a highly privileged account. Public sources identify the ...

IBM DB2 9.7 < FP11 Special Build 36621 / 10.1 < FP6 Special Build 36610 / 10.5 < FP8 Special Build 36605 / 11.1.2 < FP2 Multiple Vulnerabilities (UNIX)

According to its version, the installation of IBM DB2 running on the remote host is either 9.7 prior to Fix Pack 11 Special Build 36621, 10.1 prior to Fix Pack 6 Special Build 36610, 10.5 prior to Fix Pack 8 Special Build 36605, or 11.1.2 prior to Fix Pack 2. It is, therefore, affected by the...

CVE-2017-10684

In ncurses 6.0, there is a stack-based buffer overflow in the fmtentry function. A crafted input will lead to a remote arbitrary code execution attack...

CVE-2017-9775

A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler such as Evince to crash, or potentially execute arbitrary code when opened...

CVE-2017-9990

Stack-based buffer overflow in the colorstringtorgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted file...

CVE-2017-9990

Stack-based buffer overflow in the colorstringtorgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted file...

Stack overflow

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 includes DB2 Connect Server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159...

CVE-2017-1297

CVE-2017-1297 affects IBM DB2 for Linux/UNIX/Windows (including DB2 Connect Server). The vulnerability is a stack-based buffer overflow caused by improper bounds checking in the CLP path, which could allow a local attacker to execute arbitrary code. In affected IBM DB2 LUW releases (notably 9.2/1...

CVE-2017-1297

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 includes DB2 Connect Server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159...

IBM DB2 9.710.110.511.1 - Command Line Processor Buffer Overflow

IBM DB2 9.710.110.511.1 - Command Line Processor Buffer Overflow ''' DefenseCode Security Advisory IBM DB2 Command Line Processor Buffer Overflow Advisory ID: DC-2017-04-002 Advisory Title: IBM DB2 Command Line Processor Buffer Overflow Advisory URL:...

CVE-2017-9872

The IIIdequantizesample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...

CVE-2017-9872

The IIIdequantizesample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...

Stack overflow

The IIIistereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...

CVE-2017-9872

CVE-2017-9872 affects mpglib’s III_dequantize_sample in Layer3.c (used by LAME 3.99.5 and related products). Exploitation via a crafted audio file can cause a stack-based buffer overflow and application crash (denial of service). OpenSUSE security update openSUSE-2018-214 notes a fix in LAME 3.10...

CVE-2017-9871

The CVE-2017-9871 issue affects the mpglib decoder (III_i_stereo in layer3.c) used by LAME 3.99.5 and related products. The vulnerability is a stack-based buffer overflow in the MP3 decoding path that can be triggered by a crafted audio file, potentially causing an application crash or denial of ...