Fedoraproject » Fedora » 25 : Security Vulnerabilities, CVEs, Published In 2016 (Overflow)
Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.
Max CVSS
9.8
EPSS Score
1.36%
Published
2016-12-13
Updated
2017-07-01
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.
Max CVSS
9.8
EPSS Score
0.75%
Published
2016-12-13
Updated
2020-08-27
Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.
Max CVSS
9.8
EPSS Score
0.97%
Published
2016-12-13
Updated
2017-07-01
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.
Max CVSS
7.5
EPSS Score
0.89%
Published
2016-12-13
Updated
2017-07-01
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.
Max CVSS
9.8
EPSS Score
0.91%
Published
2016-12-13
Updated
2017-07-01
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.
Max CVSS
9.8
EPSS Score
1.48%
Published
2016-10-07
Updated
2018-11-13
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
Max CVSS
7.8
EPSS Score
1.10%
Published
2016-09-21
Updated
2022-04-07
The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.
Max CVSS
9.8
EPSS Score
0.66%
Published
2016-12-13
Updated
2017-07-01
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.
Max CVSS
8.8
EPSS Score
3.16%
Published
2016-09-11
Updated
2018-10-30
9 vulnerabilities found