openSUSE 13.2: Security Vulnerabilities
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
Max Base Score | 7.8 |
Published | 2019-11-04 |
Updated | 2019-11-07 |
EPSS | 0.10% |
The extract_group_icon_cursor_resource function in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
Max Base Score | 7.8 |
Published | 2019-11-04 |
Updated | 2019-11-06 |
EPSS | 0.10% |
Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
Max Base Score | 7.8 |
Published | 2019-11-04 |
Updated | 2019-11-05 |
EPSS | 0.04% |
A security bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
Max Base Score | 8.8 |
Published | 2019-12-03 |
Updated | 2020-02-03 |
EPSS | 0.76% |
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
Max Base Score | 9.8 |
Published | 2017-05-23 |
Updated | 2022-08-16 |
EPSS | 0.12% |
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
Max Base Score | 8.8 |
Published | 2017-05-23 |
Updated | 2022-08-16 |
EPSS | 0.15% |
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Max Base Score | 9.8 |
Published | 2017-05-23 |
Updated | 2022-08-16 |
EPSS | 0.13% |
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Max Base Score | 8.8 |
Published | 2017-05-23 |
Updated | 2022-08-16 |
EPSS | 0.15% |
The MagickRealloc function in memory.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a JPEG image.
Max Base Score | 5.5 |
Published | 2017-03-01 |
Updated | 2018-10-30 |
EPSS | 0.77% |
The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.
Max Base Score | 7.8 |
Published | 2017-01-27 |
Updated | 2019-12-31 |
EPSS | 1.78% |
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297.
Max Base Score | 7.5 |
Published | 2017-01-27 |
Updated | 2018-10-30 |
EPSS | 1.38% |
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause a denial of service (heap buffer overflow crash) in clients of bdwgc and possibly execute arbitrary code via a huge allocation.
Max Base Score | 9.8 |
Published | 2016-12-12 |
Updated | 2022-06-01 |
EPSS | 0.70% |
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
Max Base Score | 8.8 |
Published | 2017-02-15 |
Updated | 2021-04-28 |
EPSS | 0.56% |
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
Max Base Score | 7.8 |
Published | 2017-02-15 |
Updated | 2018-10-30 |
EPSS | 0.65% |
The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
Max Base Score | 7.8 |
Published | 2017-02-15 |
Updated | 2018-10-30 |
EPSS | 0.59% |
The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
Max Base Score | 7.8 |
Published | 2017-02-15 |
Updated | 2018-10-30 |
EPSS | 0.76% |
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
Max Base Score | 7.5 |
Published | 2017-02-15 |
Updated | 2018-10-30 |
EPSS | 1.00% |
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
Max Base Score | 8.8 |
Published | 2017-02-15 |
Updated | 2021-04-20 |
EPSS | 0.44% |
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
Max Base Score | 5.5 |
Published | 2017-02-03 |
Updated | 2018-10-30 |
EPSS | 0.38% |
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.
Max Base Score | 5.5 |
Published | 2017-02-03 |
Updated | 2018-10-30 |
EPSS | 0.37% |
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
Max Base Score | 7.5 |
Published | 2017-03-03 |
Updated | 2018-10-30 |
EPSS | 1.25% |
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
Max Base Score | 7.5 |
Published | 2017-03-03 |
Updated | 2020-10-14 |
EPSS | 1.28% |
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
Max Base Score | 7.5 |
Published | 2017-02-06 |
Updated | 2019-04-12 |
EPSS | 2.39% |
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
Max Base Score | 4.9 |
Published | 2016-12-23 |
Updated | 2018-10-30 |
EPSS | 0.15% |
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
Max Base Score | 7.5 |
Published | 2017-02-06 |
Updated | 2019-04-12 |
EPSS | 1.10% |