| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c. |
| Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 with software V200R002C00SPC100; Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500; LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S2350 with software V200R003C00SPC300; S2750 with software V200R003C00SPC300; S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S5700 with software V200R001C00SPC300,V200R003C00SPC300; S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S7700 with software V200R001C00SPC300; S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S9300E with software V200R003C00SPC300,V200R003C00SPC500 allow attackers to keep sending malformed packets to cause a denial of service (DoS) attack, aka a heap overflow. |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. |
| The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. |
| The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print(). |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If "ddp->params_length" is set to a big number, a buffer overflow will occur. |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing, where the font is embedded in the XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution. |
| XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at CADImage+0x0000000000288750." |
| XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation near NULL starting at Unknown Symbol @ 0x0000000000000000 called from CADImage+0x0000000000286a79." |
| A Stack-Based Buffer Overflow issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. The stack-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. |
| A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads. This vulnerability affects Cisco NX-OS Software on the following Cisco devices when they are configured for FCoE: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches. More Information: CSCvc91729. Known Affected Releases: 8.3(0)CV(0.833). Known Fixed Releases: 8.3(0)ISH(0.62) 8.3(0)CV(0.944) 8.1(1) 8.1(0.8)S0 7.3(2)D1(0.47). |
| IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at CADIMAGE+0x00000000000042d5." |
| In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file. |
| A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability. |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data. |
| An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls Code Flow starting at CADIMAGE+0x000000000033228e." |
| A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32589224. |
| Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. |
| An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS). |
