VYPR

linux

by Debian

CVEs (3,015)

  • CVE-2015-1239 | Med | Oct 18, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.

  • CVE-2017-14994 | Med | Oct 4, 2017
    risk 0.42 | cvss 6.5 | epss 0.03

    ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.

  • CVE-2017-14990 | Med | Oct 3, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access…

  • CVE-2017-14733 | Med | Sep 25, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

  • CVE-2017-14634 | Med | Sep 21, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.

  • CVE-2017-14633 | Med | Sep 21, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

  • CVE-2017-14604 | Med | Sep 20, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus…

  • CVE-2017-14528 | Med | Sep 18, 2017
    risk 0.42 | cvss 6.5 | epss 0.03

    The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid…

  • CVE-2017-14504 | Med | Sep 17, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference.

  • CVE-2017-14341 | Med | Sep 12, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.

  • CVE-2017-14314 | Med | Sep 12, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.

  • CVE-2017-7650 | Med | Sep 11, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In Mosquitto before 1.4.12, pattern-based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do not have the rights to. The same issue may be present in third party…

  • CVE-2017-14223 | Med | Sep 9, 2017
    risk 0.42 | cvss 6.5 | epss 0.03

    In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is…

  • CVE-2017-14175 | Med | Sep 7, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is…

  • CVE-2017-14174 | Med | Sep 7, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is…

  • CVE-2017-14173 | Med | Sep 7, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted…

  • CVE-2017-14172 | Med | Sep 7, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the…

  • CVE-2017-14136 | Med | Sep 4, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597.

  • CVE-2017-14132 | Med | Sep 4, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4,…

  • CVE-2017-12874 | Hig | Sep 1, 2017
    risk 0.42 | cvss 7.5 | epss 0.01

    The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.
