Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
Max CVSS
7.8
EPSS Score
0.10%
Published
2019-11-04
Updated
2019-11-07
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
Max CVSS
7.8
EPSS Score
0.10%
Published
2019-11-04
Updated
2019-11-06
Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-11-04
Updated
2019-11-05
A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
Max CVSS
8.8
EPSS Score
0.76%
Published
2019-12-03
Updated
2020-02-03
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
Max CVSS
7.8
EPSS Score
0.55%
Published
2017-04-12
Updated
2018-10-30
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
Max CVSS
7.8
EPSS Score
0.38%
Published
2017-04-12
Updated
2018-10-30
Stack-based buffer overflow in game-music-emu before 0.6.1.
Max CVSS
7.8
EPSS Score
0.14%
Published
2017-04-12
Updated
2018-10-30
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
Max CVSS
9.8
EPSS Score
1.38%
Published
2017-05-23
Updated
2022-08-16
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
Max CVSS
8.8
EPSS Score
1.35%
Published
2017-05-23
Updated
2022-08-16
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Max CVSS
9.8
EPSS Score
1.16%
Published
2017-05-23
Updated
2022-08-16
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Max CVSS
8.8
EPSS Score
1.35%
Published
2017-05-23
Updated
2022-08-16
The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.
Max CVSS
7.8
EPSS Score
1.78%
Published
2017-01-27
Updated
2019-12-31
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297.
Max CVSS
7.5
EPSS Score
1.39%
Published
2017-01-27
Updated
2018-10-30
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
Max CVSS
9.8
EPSS Score
0.80%
Published
2016-12-12
Updated
2022-06-01
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
Max CVSS
8.8
EPSS Score
0.56%
Published
2017-02-15
Updated
2021-04-28
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
Max CVSS
7.8
EPSS Score
0.65%
Published
2017-02-15
Updated
2018-10-30
The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
Max CVSS
7.8
EPSS Score
0.59%
Published
2017-02-15
Updated
2018-10-30
The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
Max CVSS
7.8
EPSS Score
0.76%
Published
2017-02-15
Updated
2018-10-30
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
Max CVSS
7.5
EPSS Score
1.17%
Published
2017-02-15
Updated
2018-10-30
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
Max CVSS
8.8
EPSS Score
0.44%
Published
2017-02-15
Updated
2021-04-20
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
Max CVSS
7.5
EPSS Score
1.80%
Published
2017-03-03
Updated
2018-10-30
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
Max CVSS
7.5
EPSS Score
1.48%
Published
2017-03-03
Updated
2020-10-14
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
Max CVSS
7.5
EPSS Score
3.32%
Published
2017-02-06
Updated
2019-04-12
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
Max CVSS
7.5
EPSS Score
1.55%
Published
2017-02-06
Updated
2019-04-12
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
Max CVSS
7.8
EPSS Score
2.29%
Published
2017-02-06
Updated
2019-04-12