CVEs from 2017
- Total: 11,662
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3052 | medium | 5.5 | 5.5 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of EM… | |||
| CVE-2017-3046 | medium | 5.5 | 5.5 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to contiguous code-stre… | |||
| CVE-2017-3045 | medium | 5.5 | 5.5 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to the palette box. | |||
| CVE-2017-3043 | medium | 5.5 | 5.5 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality. | |||
| CVE-2017-0204 | medium | 5.5 | 5.5 | 9y ago | Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted docum… | |||
| CVE-2017-0194 | medium | 5.5 | 5.5 | 9y ago | Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Mi… | |||
| CVE-2017-7697 | medium | 5.5 | 5.5 | 9y ago | In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. | |||
| CVE-2017-7624 | medium | 5.5 | 5.5 | 9y ago | The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. | |||
| CVE-2017-7623 | medium | 5.5 | 5.5 | 9y ago | The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | |||
| CVE-2017-7616 | medium | 5.5 | 5.5 | 9y ago | Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stac… | |||
| CVE-2017-7613 | medium | 5.5 | 5.5 | 9y ago | elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | |||
| CVE-2017-7612 | medium | 5.5 | 5.5 | 9y ago | The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||
| CVE-2017-7611 | medium | 5.5 | 5.5 | 9y ago | The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||
| CVE-2017-7610 | medium | 5.5 | 5.5 | 9y ago | The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||
| CVE-2017-7609 | medium | 5.5 | 5.5 | 9y ago | elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | |||
| CVE-2017-7608 | medium | 5.5 | 5.5 | 9y ago | The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted… | |||
| CVE-2017-7607 | medium | 5.5 | 5.5 | 9y ago | The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||
| CVE-2017-7595 | medium | 5.5 | 5.5 | 9y ago | The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. | |||
| CVE-2017-7594 | medium | 5.5 | 5.5 | 9y ago | The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image. | |||
| CVE-2017-7593 | medium | 5.5 | 5.5 | 9y ago | tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. | |||
| CVE-2017-0560 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibi… | |||
| CVE-2017-0559 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used… | |||
| CVE-2017-0558 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be … | |||
| CVE-2017-0557 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because … | |||
| CVE-2017-0556 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because … | |||
| CVE-2017-0555 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it… | |||
| CVE-2017-0552 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due t… | |||
| CVE-2017-0551 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due t… | |||
| CVE-2017-0550 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due t… | |||
| CVE-2017-0549 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due t… | |||
| CVE-2017-0548 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibil… | |||
| CVE-2017-0547 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it i… | |||
| CVE-2017-7586 | medium | 5.5 | 5.5 | 9y ago | In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. | |||
| CVE-2017-7585 | medium | 5.5 | 5.5 | 9y ago | In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. | |||
| CVE-2017-7454 | medium | 5.5 | 5.5 | 9y ago | The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | |||
| CVE-2017-7453 | medium | 5.5 | 5.5 | 9y ago | The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-7452 | medium | 5.5 | 5.5 | 9y ago | The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-7448 | medium | 5.5 | 5.5 | 9y ago | The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a… | |||
| CVE-2017-7418 | medium | 5.5 | 5.5 | 9y ago | ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the l… | |||
| CVE-2017-7383 | medium | 5.5 | 5.5 | 9y ago | The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | |||
| CVE-2017-7382 | medium | 5.5 | 5.5 | 9y ago | The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | |||
| CVE-2017-7381 | medium | 5.5 | 5.5 | 9y ago | The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | |||
| CVE-2017-7380 | medium | 5.5 | 5.5 | 9y ago | The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | |||
| CVE-2017-7379 | medium | 5.5 | 5.5 | 9y ago | The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) v… | |||
| CVE-2017-7378 | medium | 5.5 | 5.5 | 9y ago | The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PD… | |||
| CVE-2017-5951 | medium | 5.5 | 5.5 | 9y ago | The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) … | |||
| CVE-2017-5950 | medium | 5.5 | 5.5 | 9y ago | The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | |||
| CVE-2017-6974 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows att… | |||
| CVE-2017-2417 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2390 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves syml… | |||
| CVE-2017-2385 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain … | |||
| CVE-2017-7346 | medium | 5.5 | 5.5 | 9y ago | The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denia… | |||
| CVE-2017-7299 | medium | 5.5 | 5.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink… | |||
| CVE-2017-7275 | medium | 5.5 | 5.5 | 9y ago | The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOT… | |||
| CVE-2017-7274 | medium | 5.5 | 5.5 | 9y ago | The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file. | |||
| CVE-2017-6459 | medium | 5.5 | 5.5 | 9y ago | The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. | |||
| CVE-2017-5973 | medium | 5.5 | 5.5 | 9y ago | The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors r… | |||
| CVE-2017-7262 | medium | 5.5 | 5.5 | 9y ago | The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demo… | |||
| CVE-2017-7261 | medium | 5.5 | 5.5 | 9y ago | The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to… | |||
| CVE-2017-5508 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted… | |||
| CVE-2017-5644 | medium | 5.5 | 5.5 | 9y ago | Improper Restriction of Recursive Entity References in DTDs in Apache POI | |||
| CVE-2017-7244 | medium | 5.5 | 5.5 | 9y ago | The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. | |||
| CVE-2017-7224 | medium | 5.5 | 5.5 | 9y ago | The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a pr… | |||
| CVE-2017-7210 | medium | 5.5 | 5.5 | 9y ago | objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program … | |||
| CVE-2017-7209 | medium | 5.5 | 5.5 | 9y ago | The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash. | |||
| CVE-2017-7207 | medium | 5.5 | 5.5 | 9y ago | The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. | |||
| CVE-2017-6839 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2017-6838 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2017-6837 | medium | 5.5 | 5.5 | 9y ago | WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients. | |||
| CVE-2017-6836 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows re… | |||
| CVE-2017-6835 | medium | 5.5 | 5.5 | 9y ago | The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a craf… | |||
| CVE-2017-6834 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a … | |||
| CVE-2017-6833 | medium | 5.5 | 5.5 | 9y ago | The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a cra… | |||
| CVE-2017-6832 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of … | |||
| CVE-2017-6831 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause … | |||
| CVE-2017-6830 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2017-6829 | medium | 5.5 | 5.5 | 9y ago | The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2017-5987 | medium | 5.5 | 5.5 | 9y ago | The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) … | |||
| CVE-2017-5956 | medium | 5.5 | 5.5 | 9y ago | The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_bu… | |||
| CVE-2017-6966 | medium | 5.5 | 5.5 | 9y ago | readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid s… | |||
| CVE-2017-6965 | medium | 5.5 | 5.5 | 9y ago | readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. | |||
| CVE-2017-6961 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in apng2gif 1.7. There is improper sanitization of user input causing huge memory allocations, resulting in a crash. This is related to the read_chunk function using the pChun… | |||
| CVE-2017-0105 | medium | 5.5 | 5.5 | 9y ago | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow r… | |||
| CVE-2017-0029 | medium | 5.5 | 5.5 | 9y ago | Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office D… | |||
| CVE-2017-0007 | medium | 5.5 | 5.5 | 9y ago | Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security… | |||
| CVE-2017-6951 | medium | 5.5 | 5.5 | 9y ago | The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key sy… | |||
| CVE-2017-5505 | medium | 5.5 | 5.5 | 9y ago | The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. | |||
| CVE-2017-5898 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a … | |||
| CVE-2017-5849 | medium | 5.5 | 5.5 | 9y ago | tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff… | |||
| CVE-2017-6430 | medium | 5.5 | 5.5 | 9y ago | The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter. | |||
| CVE-2017-6851 | medium | 5.5 | 5.5 | 9y ago | The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image. | |||
| CVE-2017-6850 | medium | 5.5 | 5.5 | 9y ago | The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. | |||
| CVE-2017-6849 | medium | 5.5 | 5.5 | 9y ago | The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-6848 | medium | 5.5 | 5.5 | 9y ago | The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-6847 | medium | 5.5 | 5.5 | 9y ago | The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-6846 | medium | 5.5 | 5.5 | 9y ago | The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cr… | |||
| CVE-2017-6845 | medium | 5.5 | 5.5 | 9y ago | The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-6842 | medium | 5.5 | 5.5 | 9y ago | The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-6841 | medium | 5.5 | 5.5 | 9y ago | The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a craf… | |||
| CVE-2017-6840 | medium | 5.5 | 5.5 | 9y ago | The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file. |