Canonical : Security Vulnerabilities, CVEs, Published In December 2017 CVSS score >= 3
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
Max CVSS
7.4
EPSS Score
0.25%
Published
2017-12-11
Updated
2019-05-14
ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.
Max CVSS
6.5
EPSS Score
0.24%
Published
2017-12-27
Updated
2019-10-03
In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.
Max CVSS
7.1
EPSS Score
0.45%
Published
2017-12-27
Updated
2020-09-08
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.
Max CVSS
6.5
EPSS Score
0.09%
Published
2017-12-27
Updated
2019-10-03
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.
Max CVSS
6.5
EPSS Score
0.09%
Published
2017-12-27
Updated
2019-10-03
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.
Max CVSS
6.5
EPSS Score
0.09%
Published
2017-12-27
Updated
2019-10-03
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.
Max CVSS
6.5
EPSS Score
0.09%
Published
2017-12-27
Updated
2019-10-03
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
Max CVSS
6.5
EPSS Score
0.09%
Published
2017-12-27
Updated
2019-10-03
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
Max CVSS
6.5
EPSS Score
0.09%
Published
2017-12-27
Updated
2019-10-03
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
Max CVSS
8.8
EPSS Score
0.75%
Published
2017-12-27
Updated
2019-10-03
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.
Max CVSS
5.5
EPSS Score
0.08%
Published
2017-12-21
Updated
2022-08-02
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.
Max CVSS
5.5
EPSS Score
0.38%
Published
2017-12-21
Updated
2022-08-02
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.
Max CVSS
7.5
EPSS Score
0.13%
Published
2017-12-21
Updated
2019-10-03
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.
Max CVSS
5.5
EPSS Score
0.08%
Published
2017-12-21
Updated
2022-08-02
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.
Max CVSS
5.5
EPSS Score
0.16%
Published
2017-12-21
Updated
2019-03-26
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.
Max CVSS
5.5
EPSS Score
0.38%
Published
2017-12-21
Updated
2019-03-26
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.
Max CVSS
5.5
EPSS Score
0.16%
Published
2017-12-21
Updated
2019-03-26
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.
Max CVSS
5.5
EPSS Score
0.16%
Published
2017-12-21
Updated
2019-03-26
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.
Max CVSS
5.5
EPSS Score
0.38%
Published
2017-12-21
Updated
2019-10-03
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.
Max CVSS
5.5
EPSS Score
0.15%
Published
2017-12-21
Updated
2019-03-26
In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.
Max CVSS
5.5
EPSS Score
0.48%
Published
2017-12-21
Updated
2019-03-26
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-12-20
Updated
2023-01-19
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-12-20
Updated
2023-01-19
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
Max CVSS
7.8
EPSS Score
0.14%
Published
2017-12-20
Updated
2022-02-07
In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.
Max CVSS
5.5
EPSS Score
0.16%
Published
2017-12-20
Updated
2022-02-07