Export limit exceeded: 21836 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21836 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5035 | 1 Libdwarf Project | 1 Libdwarf | 2025-04-20 | 6.5 Medium |
| The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | ||||
| CVE-2016-5033 | 1 Libdwarf Project | 1 Libdwarf | 2025-04-20 | 6.5 Medium |
| The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | ||||
| CVE-2016-5032 | 1 Libdwarf Project | 1 Libdwarf | 2025-04-20 | 6.5 Medium |
| The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file. | ||||
| CVE-2016-5031 | 1 Libdwarf Project | 1 Libdwarf | 2025-04-20 | 5.5 Medium |
| The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | ||||
| CVE-2017-5209 | 1 Libimobiledevice | 1 Libplist | 2025-04-20 | N/A |
| The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data. | ||||
| CVE-2015-8538 | 1 Libdwarf Project | 1 Libdwarf | 2025-04-20 | 6.5 Medium |
| dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). | ||||
| CVE-2017-13744 | 2 Liblouis, Redhat | 2 Liblouis, Enterprise Linux | 2025-04-20 | N/A |
| There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0. | ||||
| CVE-2017-1000254 | 2 Haxx, Redhat | 3 Libcurl, Jboss Core Services, Rhel Software Collections | 2025-04-20 | N/A |
| libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote. | ||||
| CVE-2017-9205 | 1 Entropymine | 1 Imageworsener | 2025-04-20 | N/A |
| The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c. | ||||
| CVE-2017-14733 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2025-04-20 | N/A |
| ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | ||||
| CVE-2017-16808 | 1 Tcpdump | 1 Tcpdump | 2025-04-20 | N/A |
| tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. | ||||
| CVE-2017-9195 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | N/A |
| libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27. | ||||
| CVE-2017-9194 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | N/A |
| libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29. | ||||
| CVE-2017-9193 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | N/A |
| libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:538:33. | ||||
| CVE-2017-9189 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | N/A |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and application crash), related to the GET_COLOR function in color.c:16:11. | ||||
| CVE-2017-9180 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | N/A |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:440:14. | ||||
| CVE-2017-9204 | 1 Entropymine | 1 Imageworsener | 2025-04-20 | N/A |
| The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c. | ||||
| CVE-2017-11605 | 1 Libsass | 1 Libsass | 2025-04-20 | N/A |
| There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack. | ||||
| CVE-2017-6419 | 2 Clamav, Libmspack Project | 2 Clamav, Libmspack | 2025-04-20 | N/A |
| mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. | ||||
| CVE-2017-1000158 | 2 Debian, Python | 2 Debian Linux, Python | 2025-04-20 | 9.8 Critical |
| CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) | ||||