CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-119

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000377 119 Overflow Bypass 2017-06-19 2017-07-05
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time).
2 CVE-2017-1000376 119 Exec Code Overflow 2017-06-19 2017-11-03
6.9
None Local Medium Not required Complete Complete Complete
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.
3 CVE-2017-1000375 119 Exec Code Overflow 2017-06-19 2017-08-11
7.5
None Remote Low Not required Partial Partial Partial
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.
4 CVE-2017-1000366 119 Exec Code Overflow 2017-06-19 2017-11-03
7.2
None Local Low Not required Complete Complete Complete
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
5 CVE-2017-1000364 119 Overflow Bypass 2017-06-19 2017-11-03
6.2
None Local High Not required Complete Complete Complete
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).
6 CVE-2017-1000257 119 Overflow 2017-10-31 2017-12-01
6.4
None Remote Low Not required Partial None Partial
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.
7 CVE-2017-1000254 119 Overflow 2017-10-06 2017-11-03
5.0
None Remote Low Not required None None Partial
libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.
8 CVE-2017-1000253 119 Overflow 2017-10-04 2017-12-08
7.2
None Local Low Not required Complete Complete Complete
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary.
9 CVE-2017-1000251 119 Exec Code Overflow 2017-09-12 2017-12-08
8.3
Admin Local Network Low Not required Complete Complete Complete
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
10 CVE-2017-1000249 119 Overflow 2017-09-11 2017-11-07
2.1
None Local Low Not required None Partial None
An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).
11 CVE-2017-1000218 119 DoS Exec Code Overflow 2017-11-16 2017-11-30
7.5
None Remote Low Not required Partial Partial Partial
LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting a denial of services or a remote code execution.
12 CVE-2017-1000210 119 DoS Exec Code Overflow 2017-11-16 2017-11-29
7.5
None Remote Low Not required Partial Partial Partial
picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack
13 CVE-2017-1000206 119 Exec Code Overflow 2017-11-17 2017-12-01
7.5
None Remote Low Not required Partial Partial Partial
samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution
14 CVE-2017-1000198 119 DoS Overflow 2017-11-16 2017-12-01
5.0
None Remote Low Not required None None Partial
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service
15 CVE-2017-1000187 119 Overflow 2017-11-16 2017-11-27
4.3
None Remote Medium Not required None None Partial
In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()
16 CVE-2017-1000186 119 Overflow 2017-11-16 2017-11-27
4.3
None Remote Medium Not required None None Partial
In SWFTools, a stack overflow was found in pdf2swf.
17 CVE-2017-1000185 119 Overflow 2017-11-16 2017-11-27
4.3
None Remote Medium Not required None None Partial
In SWFTools, a memcpy buffer overflow was found in gif2swf.
18 CVE-2017-1000182 119 Overflow 2017-11-16 2017-11-27
4.3
None Remote Medium Not required None None Partial
In SWFTools, a memory leak was found in wav2swf.
19 CVE-2017-1000176 119 Overflow 2017-11-16 2017-11-27
4.3
None Remote Medium Not required None None Partial
In SWFTools, a memcpy buffer overflow was found in swfc.
20 CVE-2017-1000174 119 Overflow 2017-11-16 2017-11-27
4.3
None Remote Medium Not required None None Partial
In SWFTools, an address access exception was found in swfdump swf_GetBits().
21 CVE-2017-1000173 119 Exec Code Overflow 2017-11-16 2017-11-30
7.5
None Remote Low Not required Partial Partial Partial
Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop whiling pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join is called on the data it will read past a buffer resulting in a Heap-Buffer-Overflow.
22 CVE-2017-1000158 119 Exec Code Overflow 2017-11-17 2017-12-03
7.5
None Remote Low Not required Partial Partial Partial
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
23 CVE-2017-1000127 119 Overflow 2017-11-17 2017-11-29
4.3
None Remote Medium Not required None None Partial
Exiv2 0.26 contains a heap buffer overflow in tiff parser
24 CVE-2017-1000118 119 DoS Overflow 2017-10-04 2017-10-13
5.0
None Remote Low Not required None None Partial
Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service
25 CVE-2017-1000101 119 Overflow 2017-10-04 2017-11-13
4.3
None Remote Medium Not required Partial None None
curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.
26 CVE-2017-1000075 119 Overflow 2017-07-17 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function
27 CVE-2017-1000074 119 Overflow 2017-07-17 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function.
28 CVE-2017-1000073 119 Exec Code Overflow 2017-07-17 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution.
29 CVE-2017-1000044 119 Overflow Mem. Corr. 2017-07-17 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering
30 CVE-2017-16938 119 Overflow 2017-11-24 2017-12-09
6.8
None Remote Medium Not required Partial Partial Partial
A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file.
31 CVE-2017-16931 119 Overflow 2017-11-23 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
32 CVE-2017-16898 119 DoS Overflow 2017-11-20 2017-12-07
4.3
None Remote Medium Not required None None Partial
The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a different vulnerability than CVE-2016-9264.
33 CVE-2017-16892 119 Overflow 2017-11-19 2017-12-04
5.0
None Remote Low Not required None None Partial
In Bftpd before 4.7, there is a memory leak in the file rename function.
34 CVE-2017-16879 119 DoS Exec Code Overflow 2017-11-22 2017-12-06
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.
35 CVE-2017-16872 119 Overflow 2017-11-17 2017-12-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead to a potential exploit using carefully crafted invalid values.
36 CVE-2017-16869 119 DoS Overflow 2017-11-17 2017-12-05
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever."
37 CVE-2017-16844 119 DoS Exec Code Overflow 2017-11-16 2017-12-02
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
38 CVE-2017-16827 119 DoS Overflow 2017-11-15 2017-11-30
6.8
None Remote Medium Not required Partial Partial Partial
The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.
39 CVE-2017-16826 119 DoS Overflow 2017-11-15 2017-11-30
6.8
None Remote Medium Not required Partial Partial Partial
The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.
40 CVE-2017-16803 119 DoS Overflow 2017-11-13 2017-11-28
5.0
None Remote Low Not required None None Partial
In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.
41 CVE-2017-16797 119 DoS Overflow 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file.
42 CVE-2017-16796 119 DoS Overflow 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file.
43 CVE-2017-16794 119 DoS Overflow 2017-11-12 2017-11-27
4.3
None Remote Medium Not required None None Partial
The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf.
44 CVE-2017-16793 119 DoS Overflow 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.
45 CVE-2017-16672 119 Overflow 2017-11-08 2017-12-04
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.
46 CVE-2017-16671 119 Overflow 2017-11-08 2017-12-04
6.5
None Remote Low Single system Partial Partial Partial
A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.
47 CVE-2017-16669 119 DoS Overflow 2017-11-08 2017-11-28
6.8
None Remote Medium Not required Partial Partial Partial
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
48 CVE-2017-16548 119 DoS Overflow 2017-11-06 2017-11-28
7.5
None Remote Low Not required Partial Partial Partial
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
49 CVE-2017-16546 119 DoS Overflow 2017-11-05 2017-11-18
6.8
None Remote Medium Not required Partial Partial Partial
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
50 CVE-2017-16534 119 DoS Overflow 2017-11-03 2017-11-17
7.2
None Local Low Not required Complete Complete Complete
The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.