CVE-2017-9629

Schneider Electric Wonderware ArchestrA Logger (versions 2017.426.2307.1 and earlier) contains a stack-based buffer overflow vulnerability (CVE-2017-9629). The issue could allow a remote attacker to execute arbitrary code in the context of a highly privileged account. Public sources identify the ...

IBM DB2 9.7 < FP11 Special Build 36621 / 10.1 < FP6 Special Build 36610 / 10.5 < FP8 Special Build 36605 / 11.1.2 < FP2 Multiple Vulnerabilities (UNIX)

According to its version, the installation of IBM DB2 running on the remote host is either 9.7 prior to Fix Pack 11 Special Build 36621, 10.1 prior to Fix Pack 6 Special Build 36610, 10.5 prior to Fix Pack 8 Special Build 36605, or 11.1.2 prior to Fix Pack 2. It is, therefore, affected by the...

CVE-2017-10684

In ncurses 6.0, there is a stack-based buffer overflow in the fmtentry function. A crafted input will lead to a remote arbitrary code execution attack...

CVE-2017-9775

A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler such as Evince to crash, or potentially execute arbitrary code when opened...

CVE-2017-9865

The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service stack-based buffer over-read and application crash via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc...

CVE-2017-9990

Stack-based buffer overflow in the colorstringtorgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted file...

CVE-2017-9990

Stack-based buffer overflow in the colorstringtorgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted file...

Stack overflow

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 includes DB2 Connect Server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159...

CVE-2017-1297

CVE-2017-1297 affects IBM DB2 for Linux/UNIX/Windows (including DB2 Connect Server). The vulnerability is a stack-based buffer overflow caused by improper bounds checking in the CLP path, which could allow a local attacker to execute arbitrary code. In affected IBM DB2 LUW releases (notably 9.2/1...

CVE-2017-1297

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 includes DB2 Connect Server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159...

CVE-2017-9954

The getvalue function in tekhex.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service stack-based buffer over-read and application crash via a crafted tekhex file, as demonstrated by mishandling within the...

CVE-2017-9954

The getvalue function in tekhex.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service stack-based buffer over-read and application crash via a crafted tekhex file, as demonstrated by mishandling within the...

CVE-2017-9954

The CVE-2017-9954 issue affects GNU Binutils’ Binary File Descriptor library (libbfd), specifically the tekhex.c getvalue function. A crafted tekhex file can trigger a stack-based buffer over-read in nm, causing an application crash (DoS). Root cause is mishandling in getvalue within tekhex.c of ...

CVE-2017-9954

The getvalue function in tekhex.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service stack-based buffer over-read and application crash via a crafted tekhex file, as demonstrated by mishandling within the...

CVE-2017-9949

The grubmemmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service stack-based buffer underflow and application crash or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GN...

IBM DB2 9.710.110.511.1 - Command Line Processor Buffer Overflow

IBM DB2 9.710.110.511.1 - Command Line Processor Buffer Overflow ''' DefenseCode Security Advisory IBM DB2 Command Line Processor Buffer Overflow Advisory ID: DC-2017-04-002 Advisory Title: IBM DB2 Command Line Processor Buffer Overflow Advisory URL:...

CVE-2017-9872

The IIIdequantizesample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...

CVE-2017-9872

The IIIdequantizesample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...

Stack overflow

The IIIistereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...

CVE-2017-9871

The CVE-2017-9871 issue affects the mpglib decoder (III_i_stereo in layer3.c) used by LAME 3.99.5 and related products. The vulnerability is a stack-based buffer overflow in the MP3 decoding path that can be triggered by a crafted audio file, potentially causing an application crash or denial of ...