Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
Max CVSS
7.8
EPSS Score
0.10%
Published
2019-11-04
Updated
2019-11-07
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
Max CVSS
7.8
EPSS Score
0.10%
Published
2019-11-04
Updated
2019-11-06
Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-11-04
Updated
2019-11-05
A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
Max CVSS
8.8
EPSS Score
0.76%
Published
2019-12-03
Updated
2020-02-03
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
Max CVSS
7.8
EPSS Score
0.55%
Published
2017-04-12
Updated
2018-10-30
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
Max CVSS
7.8
EPSS Score
0.38%
Published
2017-04-12
Updated
2018-10-30
Stack-based buffer overflow in game-music-emu before 0.6.1.
Max CVSS
7.8
EPSS Score
0.14%
Published
2017-04-12
Updated
2018-10-30
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
Max CVSS
9.8
EPSS Score
1.38%
Published
2017-05-23
Updated
2022-08-16
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
Max CVSS
8.8
EPSS Score
1.35%
Published
2017-05-23
Updated
2022-08-16
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Max CVSS
9.8
EPSS Score
1.16%
Published
2017-05-23
Updated
2022-08-16
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Max CVSS
8.8
EPSS Score
1.35%
Published
2017-05-23
Updated
2022-08-16
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
Max CVSS
5.5
EPSS Score
0.77%
Published
2017-03-01
Updated
2018-10-30
The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.
Max CVSS
7.8
EPSS Score
1.78%
Published
2017-01-27
Updated
2019-12-31
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297.
Max CVSS
7.5
EPSS Score
1.39%
Published
2017-01-27
Updated
2018-10-30
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
Max CVSS
9.8
EPSS Score
0.80%
Published
2016-12-12
Updated
2022-06-01
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
Max CVSS
8.8
EPSS Score
0.56%
Published
2017-02-15
Updated
2021-04-28
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
Max CVSS
7.8
EPSS Score
0.65%
Published
2017-02-15
Updated
2018-10-30
The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
Max CVSS
7.8
EPSS Score
0.59%
Published
2017-02-15
Updated
2018-10-30
The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
Max CVSS
7.8
EPSS Score
0.76%
Published
2017-02-15
Updated
2018-10-30
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
Max CVSS
7.5
EPSS Score
1.17%
Published
2017-02-15
Updated
2018-10-30
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
Max CVSS
8.8
EPSS Score
0.44%
Published
2017-02-15
Updated
2021-04-20
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
Max CVSS
5.5
EPSS Score
0.57%
Published
2017-02-03
Updated
2018-10-30
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.
Max CVSS
5.5
EPSS Score
0.56%
Published
2017-02-03
Updated
2018-10-30
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
Max CVSS
7.5
EPSS Score
1.80%
Published
2017-03-03
Updated
2018-10-30
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
Max CVSS
7.5
EPSS Score
1.48%
Published
2017-03-03
Updated
2020-10-14