| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call. |
| libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header. |
| The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section. |
| Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape. |
| An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. |
| The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function. |
| The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. |
| inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |
| Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. |
| The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression. |
| A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR. |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the XSLT engine. |
| In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash. |
| Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-7563. |
| Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4738. |
| When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c. |
| An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. |
| An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions "sme_set_ft_ies" and "csr_roam_issue_ft_preauth_req" due to incorrect initialization of WEXT callbacks and lack of the checks for buffer size. |
