CVEs from 2016
Total
8,453
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4488 | medium | 5.5 | 5.5 | 9y ago | Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec." | |||
| CVE-2016-4487 | medium | 5.5 | 5.5 | 9y ago | Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec." | |||
| CVE-2016-9378 | medium | 5.5 | 5.5 | 9y ago | Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest cra… | |||
| CVE-2016-9377 | medium | 5.5 | 5.5 | 9y ago | Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest cra… | |||
| CVE-2016-7761 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "WiFi" component, which allows local users to obtain sensitive network-configuration inform… | |||
| CVE-2016-7666 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. Transporter before 1.9.2 is affected. The issue involves the "iTMSTransporter" component, which allows attackers to obtain sensitive information via… | |||
| CVE-2016-7665 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Graphics Driver" component, which allows remote attackers to cause a denial of service via a cr… | |||
| CVE-2016-7628 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Assets" component, which allows local users to bypass intended permission restrictions and… | |||
| CVE-2016-7619 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "libarchive" component, whic… | |||
| CVE-2016-7615 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which al… | |||
| CVE-2016-7614 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iCloud before 6.1 is affected. The issue involves the "Windows Security" component. It allows local users to obtain sensitive information from iClou… | |||
| CVE-2016-7607 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which al… | |||
| CVE-2016-7605 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to cause a denial of service (NULL pointer deref… | |||
| CVE-2016-7604 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreCapture" component. It allows local users to cause a denial of service (NULL pointer d… | |||
| CVE-2016-7603 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreStorage" component. It allows local users to cause a denial of service (NULL pointer d… | |||
| CVE-2016-4680 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows at… | |||
| CVE-2016-4679 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th… | |||
| CVE-2016-4663 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to cause a denial of service (memo… | |||
| CVE-2016-4661 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ntfs" component, which misparses disk images and allows attackers to cause a denial of ser… | |||
| CVE-2016-7511 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2016-5031 | medium | 5.5 | 5.5 | 9y ago | The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||
| CVE-2016-9828 | medium | 5.5 | 5.5 | 9y ago | The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file. | |||
| CVE-2016-9827 | medium | 5.5 | 5.5 | 9y ago | The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file. | |||
| CVE-2016-9773 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a craft… | |||
| CVE-2016-8681 | medium | 5.5 | 5.5 | 9y ago | The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on … | |||
| CVE-2016-8678 | medium | 5.5 | 5.5 | 9y ago | The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the… | |||
| CVE-2016-8676 | medium | 5.5 | 5.5 | 9y ago | The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file. NOTE: this issue exists due to an … | |||
| CVE-2016-8675 | medium | 5.5 | 5.5 | 9y ago | The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcod… | |||
| CVE-2016-8674 | medium | 5.5 | 5.5 | 9y ago | The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file. | |||
| CVE-2016-7499 | medium | 5.5 | 5.5 | 9y ago | The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file. | |||
| CVE-2016-7477 | medium | 5.5 | 5.5 | 9y ago | The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file. NOTE: this issue wa… | |||
| CVE-2016-7393 | medium | 5.5 | 5.5 | 9y ago | Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||
| CVE-2016-7392 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted… | |||
| CVE-2016-8944 | medium | 5.5 | 5.5 | 9y ago | IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234. | |||
| CVE-2016-8692 | medium | 5.5 | 5.5 | 9y ago | The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YR… | |||
| CVE-2016-8691 | medium | 5.5 | 5.5 | 9y ago | The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XR… | |||
| CVE-2016-8690 | medium | 5.5 | 5.5 | 9y ago | The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo comm… | |||
| CVE-2016-8688 | medium | 5.5 | 5.5 | 9y ago | The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which trig… | |||
| CVE-2016-6832 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing. | |||
| CVE-2016-9354 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption. | |||
| CVE-2016-4546 | medium | 5.5 | 5.5 | 9y ago | Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call. | |||
| CVE-2016-10198 | medium | 5.5 | 5.5 | 9y ago | The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and … | |||
| CVE-2016-0203 | medium | 5.5 | 5.5 | 9y ago | A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual … | |||
| CVE-2016-3020 | medium | 5.5 | 5.5 | 9y ago | IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specia… | |||
| CVE-2016-9532 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. | |||
| CVE-2016-5102 | medium | 5.5 | 5.5 | 9y ago | Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file. | |||
| CVE-2016-10154 | medium | 5.5 | 5.5 | 9y ago | The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (sys… | |||
| CVE-2016-4797 | medium | 5.5 | 5.5 | 10y ago | Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE:… | |||
| CVE-2016-4796 | medium | 5.5 | 5.5 | 10y ago | Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. | |||
| CVE-2016-3183 | medium | 5.5 | 5.5 | 10y ago | The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file. | |||
| CVE-2016-9642 | medium | 5.5 | 5.5 | 10y ago | JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file. | |||
| CVE-2016-9082 | medium | 5.5 | 5.5 | 10y ago | Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. | |||
| CVE-2016-8569 | medium | 5.5 | 5.5 | 10y ago | The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. | |||
| CVE-2016-8568 | medium | 5.5 | 5.5 | 10y ago | The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. | |||
| CVE-2016-6163 | medium | 5.5 | 5.5 | 10y ago | The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. | |||
| CVE-2016-5241 | medium | 5.5 | 5.5 | 10y ago | magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. | |||
| CVE-2016-5115 | medium | 5.5 | 5.5 | 10y ago | The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file. | |||
| CVE-2016-4571 | medium | 5.5 | 5.5 | 10y ago | The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. | |||
| CVE-2016-4570 | medium | 5.5 | 5.5 | 10y ago | The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. | |||
| CVE-2016-4352 | medium | 5.5 | 5.5 | 10y ago | Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file. | |||
| CVE-2016-2318 | medium | 5.5 | 5.5 | 10y ago | GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartEle… | |||
| CVE-2016-2317 | medium | 5.5 | 5.5 | 10y ago | Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) G… | |||
| CVE-2016-6238 | medium | 5.5 | 5.5 | 10y ago | The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file. | |||
| CVE-2016-6237 | medium | 5.5 | 5.5 | 10y ago | The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file. | |||
| CVE-2016-6236 | medium | 5.5 | 5.5 | 10y ago | The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file. | |||
| CVE-2016-6235 | medium | 5.5 | 5.5 | 10y ago | The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file. | |||
| CVE-2016-6234 | medium | 5.5 | 5.5 | 10y ago | The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file. | |||
| CVE-2016-8963 | medium | 5.5 | 5.5 | 10y ago | IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. | |||
| CVE-2016-2941 | medium | 5.5 | 5.5 | 10y ago | IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user. | |||
| CVE-2016-8967 | medium | 5.5 | 5.5 | 10y ago | IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. | |||
| CVE-2016-0371 | medium | 5.5 | 5.5 | 10y ago | The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled. | |||
| CVE-2016-8981 | medium | 5.5 | 5.5 | 10y ago | IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. | |||
| CVE-2016-8697 | medium | 5.5 | 5.5 | 10y ago | The bm_new function in bitmap.h in potrace before 1.13 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted BMP image. | |||
| CVE-2016-8696 | medium | 5.5 | 5.5 | 10y ago | The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulne… | |||
| CVE-2016-8695 | medium | 5.5 | 5.5 | 10y ago | The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulne… | |||
| CVE-2016-8694 | medium | 5.5 | 5.5 | 10y ago | The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulne… | |||
| CVE-2016-8685 | medium | 5.5 | 5.5 | 10y ago | The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image. | |||
| CVE-2016-9039 | medium | 5.5 | 5.5 | 10y ago | An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An at… | |||
| CVE-2016-5434 | medium | 5.5 | 5.5 | 10y ago | libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file. | |||
| CVE-2016-5026 | medium | 5.5 | 5.5 | 10y ago | hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory. | |||
| CVE-2016-9298 | medium | 5.5 | 5.5 | 10y ago | Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted im… | |||
| CVE-2016-7569 | medium | 5.5 | 5.5 | 10y ago | Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image. | |||
| CVE-2016-5825 | medium | 5.5 | 5.5 | 10y ago | The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file. | |||
| CVE-2016-5824 | medium | 5.5 | 5.5 | 10y ago | libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. | |||
| CVE-2016-5823 | medium | 5.5 | 5.5 | 10y ago | The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. | |||
| CVE-2016-3996 | medium | 5.5 | 5.5 | 10y ago | ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application. | |||
| CVE-2016-1920 | medium | 5.5 | 5.5 | 10y ago | Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service. | |||
| CVE-2016-9317 | medium | 5.5 | 5.5 | 10y ago | The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image. | |||
| CVE-2016-6911 | medium | 5.5 | 5.5 | 10y ago | The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. | |||
| CVE-2016-10025 | medium | 5.5 | 5.5 | 10y ago | VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging … | |||
| CVE-2016-9401 | medium | 5.5 | 5.5 | 10y ago | popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. | |||
| CVE-2016-7410 | medium | 5.5 | 5.5 | 10y ago | The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file. | |||
| CVE-2016-10147 | medium | 5.5 | 5.5 | 10y ago | crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm… | |||
| CVE-2016-9278 | medium | 5.5 | 5.5 | 10y ago | The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. The Samsung ID is SVE… | |||
| CVE-2016-9273 | medium | 5.5 | 5.5 | 10y ago | tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. | |||
| CVE-2016-7906 | medium | 5.5 | 5.5 | 10y ago | magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file. | |||
| CVE-2016-9810 | medium | 5.5 | 5.5 | 10y ago | The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) v… | |||
| CVE-2016-9807 | medium | 5.5 | 5.5 | 10y ago | The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. | |||
| CVE-2016-8883 | medium | 5.5 | 5.5 | 10y ago | The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | |||
| CVE-2016-8882 | medium | 5.5 | 5.5 | 10y ago | The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. |