Total
12606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14858 | 1 Exiv2 | 1 Exiv2 | 2024-08-05 | N/A |
| There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. | ||||
| CVE-2017-14859 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2024-08-05 | 5.5 Medium |
| An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | ||||
| CVE-2017-14854 | 1 Orpak | 1 Siteomat | 2024-08-05 | N/A |
| A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25. | ||||
| CVE-2017-14882 | 1 Google | 1 Android | 2024-08-05 | N/A |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing VENDOR specific action frame in the function lim_process_action_vendor_specific(), a comparison is performed with the incoming action frame body without validating if the action frame body received is of valid length, potentially leading to an out-of-bounds access. | ||||
| CVE-2017-14862 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2024-08-05 | 5.5 Medium |
| An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | ||||
| CVE-2017-14865 | 1 Exiv2 | 1 Exiv2 | 2024-08-05 | N/A |
| There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. | ||||
| CVE-2017-14888 | 1 Google | 1 Android | 2024-08-05 | N/A |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Userspace can pass IEs to the host driver and if multiple append commands are received, then the integer variable that stores the length can overflow and the subsequent copy of the IE data may potentially lead to a heap buffer overflow. | ||||
| CVE-2017-14689 | 1 Stdutility | 1 Stdu Viewer | 2024-08-05 | N/A |
| STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e." | ||||
| CVE-2017-14682 | 1 Imagemagick | 1 Imagemagick | 2024-08-05 | N/A |
| GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. | ||||
| CVE-2017-14767 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-05 | N/A |
| The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. | ||||
| CVE-2017-14692 | 1 Stdutility | 1 Stdu Viewer | 2024-08-05 | N/A |
| STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b." | ||||
| CVE-2017-14727 | 1 Weechat | 2 Logger, Weechat | 2024-08-05 | N/A |
| logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. | ||||
| CVE-2017-14694 | 1 Foxitsoftware | 1 Foxit Reader | 2024-08-05 | N/A |
| Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f.". | ||||
| CVE-2017-14742 | 1 Labf | 1 Nfsaxe | 2024-08-05 | 9.8 Critical |
| Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely. | ||||
| CVE-2017-14693 | 1 Irfanview | 1 Irfanview | 2024-08-05 | N/A |
| IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613." | ||||
| CVE-2017-14691 | 1 Stdutility | 1 Stdu Viewer | 2024-08-05 | N/A |
| STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a." | ||||
| CVE-2017-14688 | 1 Stdutility | 1 Stdu Viewer | 2024-08-05 | N/A |
| STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917." | ||||
| CVE-2017-14687 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2024-08-05 | N/A |
| Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons. | ||||
| CVE-2017-14632 | 3 Canonical, Debian, Xiph.org | 3 Ubuntu Linux, Debian Linux, Libvorbis | 2024-08-05 | 9.8 Critical |
| Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. | ||||
| CVE-2017-14686 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2024-08-05 | N/A |
| Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. | ||||