Filtered by CWE-125
Total 9563 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-16535 1 Linux 1 Linux Kernel 2025-04-20 N/A
The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-6615 1 Cisco 1 Ios Xe 2025-04-20 N/A
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device. Cisco Bug IDs: CSCvb94392.
CVE-2017-16642 5 Canonical, Debian, Netapp and 2 more 6 Ubuntu Linux, Debian Linux, Clustered Data Ontap and 3 more 2025-04-20 N/A
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.
CVE-2017-16645 1 Linux 1 Linux Kernel 2025-04-20 N/A
The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-6500 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-04-20 N/A
An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.
CVE-2017-6387 1 Radare 1 Radare2 2025-04-20 N/A
The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file.
CVE-2017-16794 1 Swftools 1 Swftools 2025-04-20 N/A
The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf.
CVE-2017-16805 1 Radare 1 Radare2 2025-04-20 N/A
In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.
CVE-2016-9532 2 Debian, Libtiff 2 Debian Linux, Libtiff 2025-04-20 N/A
Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.
CVE-2017-6347 1 Linux 1 Linux Kernel 2025-04-20 7.8 High
The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.
CVE-2017-16840 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2025-04-20 9.8 Critical
The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.
CVE-2017-6335 1 Graphicsmagick 1 Graphicsmagick 2025-04-20 N/A
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.
CVE-2017-6312 3 Debian, Fedoraproject, Gnome 3 Debian Linux, Fedora, Gdk-pixbuf 2025-04-20 5.5 Medium
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
CVE-2017-17066 2 Getkovri, I2pd 2 Kovri, I2pd 2025-04-20 N/A
The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading sensitive router memory, aka the GarlicRust bug.
CVE-2017-6310 2 Debian, Tnef Project 2 Debian Linux, Tnef 2025-04-20 N/A
An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.
CVE-2017-17080 1 Gnu 1 Binutils 2025-04-20 N/A
elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.
CVE-2017-17081 1 Ffmpeg 1 Ffmpeg 2025-04-20 N/A
The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.
CVE-2017-6309 2 Debian, Tnef Project 2 Debian Linux, Tnef 2025-04-20 N/A
An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.
CVE-2017-6301 2 Debian, Ytnef Project 2 Debian Linux, Ytnef 2025-04-20 N/A
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads."
CVE-2017-5896 1 Artifex 1 Mupdf 2025-04-20 N/A
Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.