CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-119

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-9544 119 Exec Code Overflow 2017-06-12 2017-06-22
7.5
None Remote Low Not required Partial Partial Partial
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
2 CVE-2017-9474 119 DoS Overflow 2017-06-07 2017-06-09
4.3
None Remote Medium Not required None None Partial
In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
3 CVE-2017-9472 119 DoS Overflow 2017-06-07 2017-06-09
4.3
None Remote Medium Not required None None Partial
In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
4 CVE-2017-9471 119 DoS Overflow 2017-06-07 2017-06-09
4.3
None Remote Medium Not required None None Partial
In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
5 CVE-2017-9469 119 Overflow 2017-06-06 2017-06-13
5.0
None Remote Low Not required None None Partial
In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.
6 CVE-2017-9465 119 DoS Overflow +Info 2017-06-06 2017-06-14
5.8
None Remote Medium Not required Partial None Partial
The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.
7 CVE-2017-9440 119 DoS Overflow 2017-06-05 2017-06-09
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file.
8 CVE-2017-9439 119 DoS Overflow 2017-06-05 2017-06-09
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file.
9 CVE-2017-9433 119 Overflow 2017-06-04 2017-06-12
7.5
None Remote Low Not required Partial Partial Partial
Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parser.cxx.
10 CVE-2017-9430 119 DoS Overflow 2017-06-05 2017-06-13
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string.
11 CVE-2017-9409 119 DoS Overflow 2017-06-02 2017-06-06
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file.
12 CVE-2017-9408 119 DoS Overflow 2017-06-02 2017-06-06
4.3
None Remote Medium Not required None None Partial
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.
13 CVE-2017-9407 119 DoS Overflow 2017-06-02 2017-06-06
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
14 CVE-2017-9406 119 DoS Overflow 2017-06-02 2017-06-06
4.3
None Remote Medium Not required None None Partial
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
15 CVE-2017-9405 119 DoS Overflow 2017-06-02 2017-06-06
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.
16 CVE-2017-9404 119 DoS Overflow 2017-06-02 2017-06-06
4.3
None Remote Medium Not required None None Partial
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
17 CVE-2017-9403 119 DoS Overflow 2017-06-02 2017-06-06
4.3
None Remote Medium Not required None None Partial
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
18 CVE-2017-9374 119 DoS Overflow 2017-06-16 2017-06-21
2.1
None Local Low Not required None None Partial
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.
19 CVE-2017-9373 119 DoS Overflow 2017-06-16 2017-06-20
1.9
None Local Medium Not required None None Partial
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.
20 CVE-2017-9372 119 DoS Overflow 2017-06-02 2017-06-14
5.0
None Remote Low Not required None None Partial
PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.
21 CVE-2017-9351 119 Overflow 2017-06-02 2017-06-06
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.
22 CVE-2017-9348 119 Overflow 2017-06-02 2017-06-05
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.
23 CVE-2017-9300 119 DoS Overflow 2017-05-29 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
24 CVE-2017-9265 119 Overflow 2017-05-29 2017-06-07
7.5
None Remote Low Not required Partial Partial Partial
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
25 CVE-2017-9264 119 Overflow 2017-05-29 2017-06-07
7.5
None Remote Low Not required Partial Partial Partial
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.
26 CVE-2017-9262 119 DoS Overflow 2017-05-29 2017-06-05
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
27 CVE-2017-9261 119 DoS Overflow 2017-05-29 2017-06-05
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
28 CVE-2017-9207 119 DoS Overflow 2017-05-23 2017-05-30
4.3
None Remote Medium Not required None None Partial
The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.
29 CVE-2017-9206 119 DoS Overflow 2017-05-23 2017-05-30
4.3
None Remote Medium Not required None None Partial
The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.
30 CVE-2017-9203 119 DoS Overflow 2017-05-23 2017-05-30
4.3
None Remote Medium Not required None None Partial
imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c.
31 CVE-2017-9195 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27.
32 CVE-2017-9194 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29.
33 CVE-2017-9193 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:538:33.
34 CVE-2017-9192 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-tga.c:528:7.
35 CVE-2017-9191 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the rle_fread function in input-tga.c:252:15.
36 CVE-2017-9173 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:497:29.
37 CVE-2017-9172 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:496:29.
38 CVE-2017-9171 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24.
39 CVE-2017-9170 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:370:25.
40 CVE-2017-9169 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:355:25.
41 CVE-2017-9168 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:353:25.
42 CVE-2017-9167 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:337:25.
43 CVE-2017-9166 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:18:11.
44 CVE-2017-9165 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11.
45 CVE-2017-9164 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11.
46 CVE-2017-9163 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in pxl-outline.c:106:54.
47 CVE-2017-9160 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in the pnmscanner_gettoken function in input-pnm.c:458:12.
48 CVE-2017-9153 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_rawpbm function in input-pnm.c:391:13.
49 CVE-2017-9152 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41.
50 CVE-2017-9151 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_ascii function in input-pnm.c:303:12.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.