Security Vulnerabilities, CVEs, Published In July 2018 (Denial of service)
FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out-of-array access vulnerability in the MXF format demuxer that can result in DoS. This attack appears to be exploitable via a specially crafted MXF file, which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.
Max CVSS
6.5
EPSS Score
0.17%
Published
2018-07-23
Updated
2018-09-19
Atlassian Floodlight Controller version 1.2 and earlier contains a denial-of-service vulnerability in the Forwarding module: an improper type cast in the Forwarding module allows remote attackers to cause a DoS (thread crash). This attack appears to be exploitable via network connectivity (remote attack).
Max CVSS
7.5
EPSS Score
0.13%
Published
2018-07-09
Updated
2018-09-08
ONOS Controller version 1.13.1 and earlier contains a denial-of-service (service crash) vulnerability in the OVSDB component: an adversary can remotely crash the OVSDB service of the ONOS controller via a normal switch. This attack appears to be exploitable when the attacker is able to control or forge a switch in the network.
Max CVSS
7.5
EPSS Score
0.09%
Published
2018-07-09
Updated
2020-08-24
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially the execution of arbitrary code.
Max CVSS
9.8
EPSS Score
83.21%
Published
2018-07-31
Updated
2018-10-04
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
Max CVSS
7.8
EPSS Score
0.06%
Published
2018-07-29
Updated
2019-04-23
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
Max CVSS
6.5
EPSS Score
0.93%
Published
2018-07-28
Updated
2021-04-26
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2018-07-28
Updated
2023-02-24
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.
Max CVSS
7.5
EPSS Score
0.12%
Published
2018-07-27
Updated
2019-10-03
wancms 1.0 through 5.0 allows remote attackers to cause a denial of service (resource consumption) via a checkcode (aka verification code) URI in which the values of font_size, width, and height are large numbers.
Max CVSS
7.5
EPSS Score
0.25%
Published
2018-07-25
Updated
2019-10-03
There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.
Max CVSS
5.5
EPSS Score
0.06%
Published
2018-07-23
Updated
2018-09-19
There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.
Max CVSS
5.5
EPSS Score
0.06%
Published
2018-07-23
Updated
2018-09-19
There exists one NULL pointer dereference vulnerability in AP4_JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp4dump.
Max CVSS
5.5
EPSS Score
0.06%
Published
2018-07-23
Updated
2018-09-19
dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.
Max CVSS
6.5
EPSS Score
0.11%
Published
2018-07-20
Updated
2018-08-24
MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted MP4 file.
Max CVSS
8.8
EPSS Score
1.31%
Published
2018-07-20
Updated
2023-04-11
In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file.
Max CVSS
6.5
EPSS Score
0.12%
Published
2018-07-20
Updated
2019-10-03
get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV).
Max CVSS
6.5
EPSS Score
0.10%
Published
2018-07-20
Updated
2018-08-23
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
Max CVSS
7.5
EPSS Score
0.42%
Published
2018-07-19
Updated
2020-09-09
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
Max CVSS
7.5
EPSS Score
2.92%
Published
2018-07-19
Updated
2020-09-10
libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user-crafted audio file when converting to the MOV audio format.
Max CVSS
6.5
EPSS Score
0.19%
Published
2018-07-19
Updated
2021-02-05
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user-crafted Waveform audio file.
Max CVSS
6.5
EPSS Score
0.08%
Published
2018-07-19
Updated
2019-01-08
MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion.
Max CVSS
8.8
EPSS Score
0.99%
Published
2018-07-18
Updated
2023-04-11
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.
Max CVSS
7.5
EPSS Score
7.90%
Published
2018-07-19
Updated
2018-09-18
The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.
Max CVSS
7.5
EPSS Score
0.17%
Published
2018-07-13
Updated
2019-10-03
The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.
Max CVSS
7.5
EPSS Score
0.17%
Published
2018-07-13
Updated
2019-10-03
The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new.
Max CVSS
5.5
EPSS Score
0.09%
Published
2018-07-12
Updated
2020-10-15