CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-125

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-14410 125 DoS 2017-09-12 2017-09-18
4.3
None Remote Medium Not required None None Partial
A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.
2 CVE-2017-14408 125 DoS 2017-09-12 2017-09-18
4.3
None Remote Medium Not required None None Partial
A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.
3 CVE-2017-14407 125 DoS 2017-09-12 2017-09-18
4.3
None Remote Medium Not required None None Partial
A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.
4 CVE-2017-14132 125 DoS 2017-09-04 2017-09-06
4.3
None Remote Medium Not required None None Partial
JasPer 2.0.13 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.
5 CVE-2017-13744 125 2017-08-29 2017-09-06
4.3
None Remote Medium Not required None None Partial
There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0.
6 CVE-2017-13738 125 2017-08-29 2017-09-06
6.8
None Remote Medium Not required Partial Partial Partial
There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0.
7 CVE-2017-13672 125 DoS 2017-09-01 2017-09-05
2.1
None Local Low Not required None None Partial
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
8 CVE-2017-13139 125 2017-08-23 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
9 CVE-2017-12963 125 DoS 2017-08-18 2017-08-21
5.0
None Remote Low Not required None None Partial
There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07-24).
10 CVE-2017-12958 125 DoS 2017-08-18 2017-09-01
5.0
None Remote Low Not required None None Partial
There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
11 CVE-2017-12956 125 DoS 2017-08-18 2017-08-22
4.3
None Remote Medium Not required None None Partial
There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service.
12 CVE-2017-12954 125 DoS 2017-08-28 2017-09-05
4.3
None Remote Medium Not required None None Partial
The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
13 CVE-2017-12941 125 2017-08-18 2017-08-21
7.5
None Remote Low Not required Partial Partial Partial
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.
14 CVE-2017-12940 125 2017-08-18 2017-08-21
7.5
None Remote Low Not required Partial Partial Partial
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
15 CVE-2017-12935 125 2017-08-18 2017-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.
16 CVE-2017-12640 125 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
17 CVE-2017-12599 125 2017-08-06 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread.
18 CVE-2017-12598 125 2017-08-06 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case.
19 CVE-2017-12458 125 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.
20 CVE-2017-12456 125 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.
21 CVE-2017-12455 125 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.
22 CVE-2017-12454 125 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.
23 CVE-2017-12453 125 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.
24 CVE-2017-12452 125 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.
25 CVE-2017-12451 125 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.
26 CVE-2017-12449 125 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.
27 CVE-2017-12445 125 DoS 2017-08-17 2017-08-22
4.3
None Remote Medium Not required None None Partial
The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
28 CVE-2017-12444 125 DoS 2017-08-17 2017-08-22
4.3
None Remote Medium Not required None None Partial
The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
29 CVE-2017-12443 125 DoS 2017-08-17 2017-08-22
4.3
None Remote Medium Not required None None Partial
The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
30 CVE-2017-12442 125 DoS 2017-08-17 2017-08-22
4.3
None Remote Medium Not required None None Partial
The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
31 CVE-2017-12441 125 DoS 2017-08-17 2017-08-22
4.3
None Remote Medium Not required None None Partial
The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
32 CVE-2017-12142 125 DoS 2017-08-02 2017-08-02
4.3
None Remote Medium Not required None None Partial
In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
33 CVE-2017-12067 125 2017-08-01 2017-08-09
5.0
None Remote Low Not required None None Partial
Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c.
34 CVE-2017-11753 125 DoS 2017-07-30 2017-08-02
4.3
None Remote Medium Not required None None Partial
The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System (FITS) file.
35 CVE-2017-11731 125 DoS 2017-07-29 2017-08-02
4.3
None Remote Medium Not required None None Partial
An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
36 CVE-2017-11722 125 DoS 2017-07-28 2017-08-03
4.3
None Remote Medium Not required None None Partial
The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition.
37 CVE-2017-11719 125 DoS 2017-07-28 2017-08-03
6.8
None Remote Medium Not required Partial Partial Partial
The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.
38 CVE-2017-11714 125 DoS 2017-07-28 2017-09-05
6.8
None Remote Medium Not required Partial Partial Partial
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.
39 CVE-2017-11670 125 2017-07-31 2017-08-14
5.0
None Remote Low Not required None None Partial
A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially use this flaw to crash the eapmd5pass process by generating specially crafted network traffic.
40 CVE-2017-11669 125 2017-07-31 2017-08-14
5.0
None Remote Low Not required None None Partial
An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic.
41 CVE-2017-11668 125 2017-07-31 2017-08-14
5.0
None Remote Low Not required None None Partial
An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic.
42 CVE-2017-11664 125 DoS 2017-08-17 2017-08-21
4.3
None Remote Medium Not required None None Partial
The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
43 CVE-2017-11663 125 DoS 2017-08-17 2017-08-21
4.3
None Remote Medium Not required None None Partial
The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
44 CVE-2017-11662 125 DoS 2017-08-17 2017-08-21
5.0
None Remote Low Not required None None Partial
The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
45 CVE-2017-11661 125 DoS 2017-08-17 2017-08-21
5.0
None Remote Low Not required None None Partial
The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
46 CVE-2017-11654 125 2017-07-26 2017-08-01
4.3
None Remote Medium Not required None None Partial
An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic.
47 CVE-2017-11600 125 DoS 2017-07-24 2017-07-31
6.9
None Local Medium Not required Complete Complete Complete
net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.
48 CVE-2017-11547 125 DoS 2017-07-31 2017-08-03
4.3
None Remote Medium Not required None None Partial
The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation.
49 CVE-2017-11465 125 DoS Bypass 2017-07-19 2017-07-25
7.5
None Remote Low Not required Partial Partial Partial
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.
50 CVE-2017-11434 125 DoS 2017-07-25 2017-07-31
2.1
None Local Low Not required None None Partial
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.
Total number of vulnerabilities : 411   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.