CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-8105 Overflow 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.
2 CVE-2017-8073 Overflow 2017-04-23 2017-04-23
0.0
None ??? ??? ??? ??? ??? ???
WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.
3 CVE-2017-7982 DoS Overflow 2017-04-20 2017-04-20
0.0
None ??? ??? ??? ??? ??? ???
Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file.
4 CVE-2017-7976 DoS Overflow 2017-04-19 2017-04-19
0.0
None ??? ??? ??? ??? ??? ???
Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory.
5 CVE-2017-7975 DoS Exec Code Overflow 2017-04-19 2017-04-19
0.0
None ??? ??? ??? ??? ??? ???
Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code.
6 CVE-2017-7948 DoS Overflow 2017-04-19 2017-04-19
0.0
None ??? ??? ??? ??? ??? ???
Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document.
7 CVE-2017-7938 DoS Overflow 2017-04-20 2017-04-20
0.0
None ??? ??? ??? ??? ??? ???
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files.
8 CVE-2017-7892 Overflow 2017-04-17 2017-04-17
0.0
None ??? ??? ??? ??? ??? ???
Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message.
9 CVE-2017-7885 DoS Overflow 2017-04-16 2017-04-16
0.0
None ??? ??? ??? ??? ??? ???
Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file.
10 CVE-2017-7875 Overflow 2017-04-14 2017-04-18
0.0
None ??? ??? ??? ??? ??? ???
In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free.
11 CVE-2017-7870 787 Overflow 2017-04-14 2017-04-20
7.5
None Remote Low Not required Partial Partial Partial
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.
12 CVE-2017-7869 Overflow 2017-04-14 2017-04-18
0.0
None ??? ??? ??? ??? ??? ???
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
13 CVE-2017-7868 Overflow 2017-04-14 2017-04-18
0.0
None ??? ??? ??? ??? ??? ???
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.
14 CVE-2017-7867 Overflow 2017-04-14 2017-04-17
0.0
None ??? ??? ??? ??? ??? ???
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.
15 CVE-2017-7866 787 Overflow 2017-04-14 2017-04-20
7.5
None Remote Low Not required Partial Partial Partial
FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.
16 CVE-2017-7865 787 Overflow 2017-04-14 2017-04-20
7.5
None Remote Low Not required Partial Partial Partial
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.
17 CVE-2017-7864 787 Overflow 2017-04-14 2017-04-20
7.5
None Remote Low Not required Partial Partial Partial
FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.
18 CVE-2017-7863 787 Overflow 2017-04-14 2017-04-20
7.5
None Remote Low Not required Partial Partial Partial
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.
19 CVE-2017-7862 787 Overflow 2017-04-14 2017-04-20
7.5
None Remote Low Not required Partial Partial Partial
FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.
20 CVE-2017-7860 787 Overflow 2017-04-14 2017-04-20
7.5
None Remote Low Not required Partial Partial Partial
Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.
21 CVE-2017-7859 787 Overflow 2017-04-14 2017-04-20
7.5
None Remote Low Not required Partial Partial Partial
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.
22 CVE-2017-7857 787 Overflow 2017-04-14 2017-04-20
7.5
None Remote Low Not required Partial Partial Partial
FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.
23 CVE-2017-7856 787 Overflow 2017-04-14 2017-04-20
7.5
None Remote Low Not required Partial Partial Partial
LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx.
24 CVE-2017-7854 119 DoS Overflow 2017-04-13 2017-04-20
4.3
None Remote Medium Not required None None Partial
The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
25 CVE-2017-7853 119 Overflow 2017-04-13 2017-04-20
5.0
None Remote Low Not required None None Partial
In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.
26 CVE-2017-7742 119 Overflow 2017-04-12 2017-04-20
4.3
None Remote Medium Not required None None Partial
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
27 CVE-2017-7741 119 Overflow 2017-04-12 2017-04-20
4.3
None Remote Medium Not required None None Partial
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
28 CVE-2017-7716 119 DoS Overflow 2017-04-12 2017-04-20
4.3
None Remote Medium Not required None None Partial
The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
29 CVE-2017-7697 119 Overflow 2017-04-11 2017-04-17
4.3
None Remote Medium Not required None None Partial
In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file.
30 CVE-2017-7623 119 DoS Overflow 2017-04-10 2017-04-14
4.3
None Remote Medium Not required None None Partial
The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
31 CVE-2017-7617 119 Exec Code Overflow 2017-04-10 2017-04-17
6.5
None Remote Low Single system Partial Partial Partial
Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.
32 CVE-2017-7612 119 DoS Overflow 2017-04-09 2017-04-13
4.3
None Remote Medium Not required None None Partial
The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
33 CVE-2017-7611 119 DoS Overflow 2017-04-09 2017-04-13
4.3
None Remote Medium Not required None None Partial
The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
34 CVE-2017-7610 119 DoS Overflow 2017-04-09 2017-04-13
4.3
None Remote Medium Not required None None Partial
The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
35 CVE-2017-7608 119 DoS Overflow 2017-04-09 2017-04-13
4.3
None Remote Medium Not required None None Partial
The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
36 CVE-2017-7607 119 DoS Overflow 2017-04-09 2017-04-13
4.3
None Remote Medium Not required None None Partial
The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
37 CVE-2017-7605 119 DoS Overflow 2017-04-09 2017-04-13
6.8
None Remote Medium Not required Partial Partial Partial
aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.
38 CVE-2017-7603 190 DoS Overflow 2017-04-09 2017-04-13
6.8
None Remote Medium Not required Partial Partial Partial
au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.
39 CVE-2017-7602 190 DoS Overflow 2017-04-09 2017-04-13
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
40 CVE-2017-7593 119 Overflow +Info 2017-04-09 2017-04-13
4.3
None Remote Medium Not required Partial None None
tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.
41 CVE-2017-7586 119 Overflow 2017-04-07 2017-04-11
4.3
None Remote Medium Not required None None Partial
In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
42 CVE-2017-7585 119 Overflow 2017-04-07 2017-04-10
4.3
None Remote Medium Not required None None Partial
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
43 CVE-2017-7584 119 DoS Exec Code Overflow Mem. Corr. 2017-04-07 2017-04-11
6.8
None Remote Medium Not required Partial Partial Partial
Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file.
44 CVE-2017-7578 119 DoS Overflow 2017-04-07 2017-04-12
6.8
None Remote Medium Not required Partial Partial Partial
Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831.
45 CVE-2017-7454 119 DoS Overflow 2017-04-05 2017-04-10
4.3
None Remote Medium Not required None None Partial
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
46 CVE-2017-7395 190 Overflow 2017-03-31 2017-04-04
4.0
None Remote Low Single system None None Partial
In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.
47 CVE-2017-7379 119 DoS Overflow 2017-04-03 2017-04-06
4.3
None Remote Medium Not required None None Partial
The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.
48 CVE-2017-7378 119 DoS Overflow 2017-04-03 2017-04-06
4.3
None Remote Medium Not required None None Partial
The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.
49 CVE-2017-7310 119 Exec Code Overflow 2017-03-29 2017-04-03
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow vulnerability in Import Command in Sync Breeze Enterprise Client 9.5.16, Disk Sorter Enterprise Client 9.5.12, and DiskBoss Enterprise Client 7.8.16 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
50 CVE-2017-7308 119 DoS Overflow 2017-03-29 2017-04-03
7.2
None Local Low Not required Complete Complete Complete
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.