Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
Max CVSS
7.5
EPSS Score
0.29%
Published
2010-12-07
Updated
2020-07-31
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
Max CVSS
4.3
EPSS Score
0.17%
Published
2010-11-17
Updated
2020-06-04
Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive.
Max CVSS
6.8
EPSS Score
2.07%
Published
2010-11-16
Updated
2010-12-10
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
Max CVSS
6.8
EPSS Score
4.06%
Published
2010-11-16
Updated
2010-12-11
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
Max CVSS
6.8
EPSS Score
6.15%
Published
2010-11-16
Updated
2010-12-11
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file.
Max CVSS
6.8
EPSS Score
6.25%
Published
2010-11-16
Updated
2010-12-11
Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.
Max CVSS
6.8
EPSS Score
6.21%
Published
2010-11-16
Updated
2010-12-11
Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.
Max CVSS
6.8
EPSS Score
7.15%
Published
2010-11-16
Updated
2010-12-11
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.
Max CVSS
6.8
EPSS Score
7.83%
Published
2010-11-16
Updated
2011-07-02
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file.
Max CVSS
6.8
EPSS Score
6.25%
Published
2010-11-16
Updated
2010-12-11
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.
Max CVSS
6.8
EPSS Score
7.99%
Published
2010-11-16
Updated
2010-12-11
Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.
Max CVSS
6.8
EPSS Score
2.53%
Published
2010-11-16
Updated
2010-12-18
QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file.
Max CVSS
6.8
EPSS Score
2.15%
Published
2010-11-16
Updated
2011-10-21
Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document.
Max CVSS
6.8
EPSS Score
2.07%
Published
2010-11-16
Updated
2011-10-21
The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls.
Max CVSS
5.0
EPSS Score
0.24%
Published
2010-11-16
Updated
2010-12-10
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
Max CVSS
9.8
EPSS Score
69.07%
Published
2010-11-05
Updated
2024-02-02
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.
Max CVSS
6.8
EPSS Score
1.79%
Published
2010-08-19
Updated
2023-02-13
FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Max CVSS
6.8
EPSS Score
2.28%
Published
2010-08-19
Updated
2021-04-06
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.
Max CVSS
6.8
EPSS Score
0.35%
Published
2010-08-19
Updated
2023-02-13
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Max CVSS
6.8
EPSS Score
0.41%
Published
2010-08-19
Updated
2021-04-06
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2010-09-29
Updated
2010-09-30
Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Max CVSS
5.1
EPSS Score
0.48%
Published
2010-08-19
Updated
2021-03-23
Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.
Max CVSS
6.8
EPSS Score
0.43%
Published
2010-08-19
Updated
2023-02-13
Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Max CVSS
6.8
EPSS Score
1.56%
Published
2010-08-19
Updated
2023-02-13
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.
Max CVSS
6.8
EPSS Score
0.43%
Published
2010-08-19
Updated
2021-04-06