| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). |
| A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453. |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow) via a crafted app. |
| An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive. |
| The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference. |
| An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the application attempts to iterate through the rows and initializing the polygon shape in the buffer, it will write outside of the bounds of said buffer. This can lead to code execution under the context of the account running it. |
| Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. |
| In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. |
| Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. |
| Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression. |
| The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket. |
| Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow. |
| The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame(). |
| The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print(). |
| The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print(). |
| The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). |
| The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print(). |
| Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology. |
| The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print(). |
| The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print(). |
