CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Debian : Security Vulnerabilities Published In 2013 (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-7020 119 DoS Overflow 2013-12-09 2016-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.
2 CVE-2013-4852 189 DoS Exec Code Overflow 2013-08-19 2015-09-02
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
3 CVE-2013-4243 119 DoS Exec Code Overflow 2013-09-10 2014-03-05
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.
4 CVE-2013-4234 119 DoS Exec Code Overflow Mem. Corr. 2013-09-16 2013-09-25
6.8
None Remote Medium Not required Partial Partial Partial
Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.
5 CVE-2013-4233 189 DoS Exec Code Overflow 2013-09-16 2013-09-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.
6 CVE-2013-4082 119 DoS Overflow 2013-06-09 2015-12-02
5.0
None Remote Low Not required None None Partial
The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet.
7 CVE-2013-4081 119 DoS Overflow 2013-06-09 2015-12-02
5.0
None Remote Low Not required None None Partial
The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet.
8 CVE-2013-4077 119 DoS Overflow 2013-06-09 2015-12-01
5.0
None Remote Low Not required None None Partial
Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c.
9 CVE-2013-4076 119 DoS Overflow 2013-06-09 2015-12-01
5.0
None Remote Low Not required None None Partial
Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
10 CVE-2013-3561 189 DoS Overflow 2013-05-24 2015-12-01
7.8
None Remote Low Not required None None Complete
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
11 CVE-2013-3559 189 DoS Overflow Mem. Corr. 2013-05-24 2015-12-01
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
12 CVE-2013-3557 119 DoS Overflow 2013-05-24 2015-12-01
5.0
None Remote Low Not required None None Partial
The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
13 CVE-2013-2919 119 DoS Overflow Mem. Corr. 2013-10-02 2016-09-09
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
14 CVE-2013-2478 189 DoS Overflow 2013-03-07 2015-12-02
3.3
None Local Network Low Not required None None Partial
The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string.
15 CVE-2013-2072 119 DoS Overflow +Priv Mem. Corr. 2013-08-28 2015-11-19
7.4
None Local Network Medium Single system Complete Complete Complete
Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap.
16 CVE-2013-2064 189 Overflow 2013-06-15 2016-08-19
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.
17 CVE-2013-1049 119 DoS Exec Code Overflow 2013-03-13 2013-03-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 allows remote IDENT servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted response.
18 CVE-2013-0251 119 DoS Exec Code Overflow 2013-03-19 2013-03-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through 1.30 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the llogin version.
Total number of vulnerabilities : 18   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.