Security Vulnerabilities, CVEs, Published In November 2018 (Denial of service)
There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2018-11-30 | Updated: 2018-12-26

There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.
Max CVSS: 7.8 | EPSS Score: 0.07% | Published: 2018-11-30 | Updated: 2020-08-24

There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2018-11-30 | Updated: 2018-12-26

There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2018-11-30 | Updated: 2018-12-26

There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
Max CVSS: 6.5 | EPSS Score: 0.18% | Published: 2018-11-30 | Updated: 2020-10-29

There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2018-11-30 | Updated: 2018-12-26

There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2018-11-30 | Updated: 2018-12-26

There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.
Max CVSS: 5.5 | EPSS Score: 0.06% | Published: 2018-11-30 | Updated: 2018-12-21

An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.
Max CVSS: 8.1 | EPSS Score: 0.35% | Published: 2018-11-29 | Updated: 2020-10-29

An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.
Max CVSS: 6.5 | EPSS Score: 0.18% | Published: 2018-11-29 | Updated: 2020-10-29

A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
Max CVSS: 8.8 | EPSS Score: 0.78% | Published: 2018-11-29 | Updated: 2020-08-24

Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
Max CVSS: 6.5 | EPSS Score: 0.40% | Published: 2018-11-27 | Updated: 2019-08-06

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.
Max CVSS: 6.5 | EPSS Score: 0.15% | Published: 2018-11-26 | Updated: 2020-04-15

An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.
Max CVSS: 6.5 | EPSS Score: 0.19% | Published: 2018-11-26 | Updated: 2020-08-24

In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
Max CVSS: 6.5 | EPSS Score: 0.34% | Published: 2018-11-26 | Updated: 2023-01-13

A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.
Max CVSS: 8.8 | EPSS Score: 0.31% | Published: 2018-11-26 | Updated: 2018-12-19

TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp.
Max CVSS: 10.0 | EPSS Score: 0.69% | Published: 2018-11-26 | Updated: 2018-12-19

In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c).
Max CVSS: 6.5 | EPSS Score: 0.85% | Published: 2018-11-29 | Updated: 2022-11-29

An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.
Max CVSS: 6.5 | EPSS Score: 0.13% | Published: 2018-11-22 | Updated: 2019-06-10

The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2018-11-21 | Updated: 2019-03-21

kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2018-11-21 | Updated: 2018-12-19

ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2018-11-20 | Updated: 2019-10-03

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell").
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2018-11-20 | Updated: 2018-12-27

FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue.
Max CVSS: 5.5 | EPSS Score: 0.08% | Published: 2018-11-20 | Updated: 2018-12-11

FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via BMP data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue.
Max CVSS: 5.5 | EPSS Score: 0.08% | Published: 2018-11-20 | Updated: 2018-12-11