Security Vulnerabilities, CVEs, Published In September 2017 (Denial of service)
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.
Max CVSS
5.5
EPSS Score
0.06%
Published
2017-09-26
Updated
2019-10-03
Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359."
Max CVSS
7.8
EPSS Score
0.08%
Published
2017-09-30
Updated
2017-10-05
Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e."
Max CVSS
7.8
EPSS Score
0.07%
Published
2017-09-30
Updated
2017-10-05
Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068."
Max CVSS
7.8
EPSS Score
0.07%
Published
2017-09-30
Updated
2017-10-05
scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.
Max CVSS
5.5
EPSS Score
0.07%
Published
2017-09-30
Updated
2017-10-03
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.
Max CVSS
5.5
EPSS Score
0.69%
Published
2017-09-30
Updated
2019-10-03
_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.
Max CVSS
5.5
EPSS Score
0.27%
Published
2017-09-30
Updated
2019-10-03
process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.
Max CVSS
5.5
EPSS Score
0.33%
Published
2017-09-30
Updated
2019-10-03
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
Max CVSS
5.5
EPSS Score
0.58%
Published
2017-09-30
Updated
2019-10-03
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
Max CVSS
5.5
EPSS Score
0.11%
Published
2017-09-30
Updated
2019-10-03
ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file.
Max CVSS
5.5
EPSS Score
0.17%
Published
2017-09-30
Updated
2019-10-03
Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
Max CVSS
7.1
EPSS Score
0.12%
Published
2017-09-30
Updated
2019-10-03
There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.
Max CVSS
5.5
EPSS Score
0.06%
Published
2017-09-29
Updated
2017-10-04
There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.
Max CVSS
5.5
EPSS Score
0.06%
Published
2017-09-29
Updated
2017-10-04
An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
Max CVSS
5.5
EPSS Score
0.09%
Published
2017-09-29
Updated
2023-01-13
A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
Max CVSS
5.5
EPSS Score
0.06%
Published
2017-09-29
Updated
2019-10-03
An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
Max CVSS
5.5
EPSS Score
0.09%
Published
2017-09-29
Updated
2023-01-13
There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.
Max CVSS
5.5
EPSS Score
0.13%
Published
2017-09-29
Updated
2019-10-03
There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.
Max CVSS
5.5
EPSS Score
0.06%
Published
2017-09-29
Updated
2019-10-03
An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
Max CVSS
5.5
EPSS Score
0.09%
Published
2017-09-29
Updated
2023-01-13
There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.
Max CVSS
5.5
EPSS Score
0.06%
Published
2017-09-29
Updated
2017-10-04
In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack.
Max CVSS
5.5
EPSS Score
0.06%
Published
2017-09-29
Updated
2017-10-04
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg.
Max CVSS
8.8
EPSS Score
0.52%
Published
2017-09-28
Updated
2017-09-30
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg.
Max CVSS
8.8
EPSS Score
0.52%
Published
2017-09-28
Updated
2017-09-30
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.
Max CVSS
8.8
EPSS Score
0.41%
Published
2017-09-27
Updated
2019-01-08