Debian » Debian Linux » 8.0 : Security Vulnerabilities, CVEs, Published In 2017 (Denial of service)
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
Max CVSS
7.4
EPSS Score
0.25%
Published
2017-12-11
Updated
2019-05-14
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
Max CVSS
7.8
EPSS Score
0.16%
Published
2017-11-17
Updated
2019-05-06
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
Max CVSS
7.5
EPSS Score
0.16%
Published
2017-12-27
Updated
2019-10-03
An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.
Max CVSS
7.5
EPSS Score
0.51%
Published
2017-12-27
Updated
2018-02-04
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-12-20
Updated
2023-01-19
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Max CVSS
9.8
EPSS Score
2.25%
Published
2017-12-08
Updated
2021-02-03
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.
Max CVSS
7.8
EPSS Score
1.01%
Published
2017-12-06
Updated
2019-10-03
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-11-24
Updated
2023-01-19
An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.
Max CVSS
7.1
EPSS Score
0.07%
Published
2017-11-20
Updated
2017-12-11
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
Max CVSS
8.8
EPSS Score
0.88%
Published
2017-11-09
Updated
2020-01-27
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
Max CVSS
9.8
EPSS Score
8.67%
Published
2017-11-06
Updated
2020-05-01
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
Max CVSS
8.8
EPSS Score
2.14%
Published
2017-11-05
Updated
2020-10-22
drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-11-04
Updated
2023-01-19
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
Max CVSS
7.5
EPSS Score
1.12%
Published
2017-10-29
Updated
2017-11-18
Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.
Max CVSS
7.5
EPSS Score
0.88%
Published
2017-11-15
Updated
2019-10-03
There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
Max CVSS
5.5
EPSS Score
0.08%
Published
2017-10-16
Updated
2021-06-24
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
Max CVSS
5.5
EPSS Score
0.15%
Published
2017-10-16
Updated
2021-06-24
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
Max CVSS
5.5
EPSS Score
0.08%
Published
2017-10-16
Updated
2021-06-24
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.
Max CVSS
7.1
EPSS Score
1.06%
Published
2017-10-04
Updated
2019-06-30
ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.
Max CVSS
6.5
EPSS Score
0.41%
Published
2017-10-04
Updated
2019-06-30
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.
Max CVSS
7.5
EPSS Score
0.17%
Published
2017-10-02
Updated
2019-05-03
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.
Max CVSS
7.5
EPSS Score
0.20%
Published
2017-10-02
Updated
2019-05-03
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.
Max CVSS
7.5
EPSS Score
0.12%
Published
2017-10-02
Updated
2019-05-03
ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
Max CVSS
6.5
EPSS Score
0.72%
Published
2017-09-25
Updated
2019-10-03
In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
Max CVSS
6.5
EPSS Score
0.55%
Published
2017-09-21
Updated
2020-10-29