Search Results (3380 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8706 2 Memcached, Redhat 2 Memcached, Enterprise Linux 2025-04-20 N/A
An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
CVE-2017-6827 1 Audiofile 1 Audiofile 2025-04-20 N/A
Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file.
CVE-2017-13758 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
CVE-2017-7300 1 Gnu 1 Binutils 2025-04-20 N/A
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.
CVE-2017-13757 1 Gnu 1 Binutils 2025-04-20 N/A
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.
CVE-2017-9727 2 Artifex, Debian 2 Ghostscript Ghostxps, Debian Linux 2025-04-20 N/A
The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-1000229 2 Debian, Optipng Project 2 Debian Linux, Optipng 2025-04-20 N/A
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
CVE-2017-13090 3 Debian, Gnu, Redhat 3 Debian Linux, Wget, Enterprise Linux 2025-04-20 N/A
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.
CVE-2017-12955 1 Exiv2 1 Exiv2 2025-04-20 N/A
There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.
CVE-2014-9922 2 Google, Linux 2 Android, Linux Kernel 2025-04-20 N/A
The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.
CVE-2016-10272 1 Libtiff 1 Libtiff 2025-04-20 N/A
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.
CVE-2016-2226 1 Gnu 1 Libiberty 2025-04-20 N/A
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.
CVE-2016-9556 3 Debian, Imagemagick, Opensuse Project 3 Debian Linux, Imagemagick, Leap 2025-04-20 N/A
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
CVE-2016-2376 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2025-04-20 N/A
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet which will trigger a buffer overflow.
CVE-2017-11698 1 Mozilla 1 Network Security Services 2025-04-20 N/A
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVE-2017-11696 1 Mozilla 1 Network Security Services 2025-04-20 N/A
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVE-2017-11695 1 Mozilla 1 Network Security Services 2025-04-20 N/A
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVE-2016-7799 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-04-20 6.5 Medium
MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2016-3076 1 Python 1 Pillow 2025-04-20 N/A
Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
CVE-2016-10317 1 Artifex 1 Ghostscript 2025-04-20 N/A
The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.