CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-119

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000377 119 Overflow Bypass 2017-06-19 2017-07-05
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time).
2 CVE-2017-1000376 119 Exec Code Overflow 2017-06-19 2017-07-05
6.9
None Local Medium Not required Complete Complete Complete
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.
3 CVE-2017-1000375 119 Exec Code Overflow 2017-06-19 2017-08-11
7.5
None Remote Low Not required Partial Partial Partial
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.
4 CVE-2017-1000366 119 Exec Code Overflow 2017-06-19 2017-08-11
7.2
None Local Low Not required Complete Complete Complete
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
5 CVE-2017-1000364 119 Overflow Bypass 2017-06-19 2017-07-06
6.2
None Local High Not required Complete Complete Complete
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).
6 CVE-2017-1000075 119 Overflow 2017-07-17 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function
7 CVE-2017-1000074 119 Overflow 2017-07-17 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function.
8 CVE-2017-1000073 119 Exec Code Overflow 2017-07-17 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution.
9 CVE-2017-1000044 119 Overflow Mem. Corr. 2017-07-17 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering
10 CVE-2017-12676 119 DoS Overflow 2017-08-07 2017-08-10
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.
11 CVE-2017-12675 119 DoS Overflow 2017-08-07 2017-08-08
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.
12 CVE-2017-12673 119 DoS Overflow 2017-08-07 2017-08-10
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service.
13 CVE-2017-12672 119 DoS Overflow 2017-08-07 2017-08-10
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.
14 CVE-2017-12669 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.
15 CVE-2017-12668 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
16 CVE-2017-12667 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.
17 CVE-2017-12666 119 Overflow 2017-08-07 2017-08-10
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.
18 CVE-2017-12665 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c.
19 CVE-2017-12664 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.
20 CVE-2017-12663 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.
21 CVE-2017-12662 119 Overflow 2017-08-07 2017-08-10
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.
22 CVE-2017-12654 119 DoS Overflow 2017-08-07 2017-08-10
4.3
None Remote Medium Not required None None Partial
The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file.
23 CVE-2017-12644 119 Overflow 2017-08-07 2017-08-09
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.
24 CVE-2017-12642 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c.
25 CVE-2017-12641 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.
26 CVE-2017-12601 119 Overflow 2017-08-06 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case.
27 CVE-2017-12596 119 DoS Exec Code Overflow 2017-08-06 2017-08-14
6.8
None Remote Medium Not required Partial Partial Partial
In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.
28 CVE-2017-12566 119 DoS Overflow 2017-08-05 2017-08-07
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage in svg.c.
29 CVE-2017-12565 119 DoS Overflow 2017-08-05 2017-08-08
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.
30 CVE-2017-12564 119 DoS Overflow 2017-08-05 2017-08-09
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.
31 CVE-2017-12562 119 DoS Overflow 2017-08-05 2017-08-09
7.5
None Remote Low Not required Partial Partial Partial
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
32 CVE-2017-12482 119 DoS Overflow 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
33 CVE-2017-12481 119 DoS Overflow 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
34 CVE-2017-12433 119 DoS Overflow 2017-08-04 2017-08-07
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c.
35 CVE-2017-12428 119 DoS Overflow 2017-08-04 2017-08-08
5.0
None Remote Low Not required None None Partial
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.
36 CVE-2017-12427 119 DoS Overflow 2017-08-04 2017-08-04
4.3
None Remote Medium Not required None None Partial
The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.
37 CVE-2017-12424 119 Overflow Mem. Corr. 2017-08-04 2017-08-15
7.5
None Remote Low Not required Partial Partial Partial
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
38 CVE-2017-12418 119 Overflow 2017-08-03 2017-08-04
5.0
None Remote Low Not required None None Partial
ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c.
39 CVE-2017-12141 119 DoS Overflow 2017-08-02 2017-08-02
4.3
None Remote Medium Not required None None Partial
In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
40 CVE-2017-11757 119 Exec Code Overflow 2017-07-31 2017-08-14
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads to a zero-byte allocation. The _srvLnaConnectMP1 function is affected.
41 CVE-2017-11755 119 DoS Overflow 2017-07-30 2017-08-02
4.3
None Remote Medium Not required None None Partial
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
42 CVE-2017-11754 119 DoS Overflow 2017-07-30 2017-08-02
4.3
None Remote Medium Not required None None Partial
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
43 CVE-2017-11752 119 DoS Overflow 2017-07-30 2017-08-02
4.3
None Remote Medium Not required None None Partial
The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
44 CVE-2017-11751 119 DoS Overflow 2017-07-30 2017-08-02
4.3
None Remote Medium Not required None None Partial
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
45 CVE-2017-11734 119 DoS Overflow 2017-07-29 2017-08-02
4.3
None Remote Medium Not required None None Partial
A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
46 CVE-2017-11732 119 DoS Overflow 2017-07-29 2017-08-02
4.3
None Remote Medium Not required None None Partial
A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
47 CVE-2017-11730 119 DoS Overflow 2017-07-29 2017-08-02
4.3
None Remote Medium Not required None None Partial
A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
48 CVE-2017-11729 119 DoS Overflow 2017-07-29 2017-08-02
4.3
None Remote Medium Not required None None Partial
A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1440) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
49 CVE-2017-11728 119 DoS Overflow 2017-07-29 2017-08-02
4.3
None Remote Medium Not required None None Partial
A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
50 CVE-2017-11721 119 DoS Overflow 2017-08-03 2017-08-09
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.