CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 1CVE-2017-17681 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-17681
14 Dec 2017 — In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. Se ha encontrado una vulnerabilidad de bucle infinito en ImageMagick 7.0.7-12 Q16 en la función ReadPSDChannelZip en coders/psd.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio (agotamiento de CPU) mediante un archivo de imagen psd manipulado. It was disc... • http://www.securityfocus.com/bid/102206 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2017-17669 – Ubuntu Security Notice USN-3852-1
https://notcve.org/view.php?id=CVE-2017-17669
13 Dec 2017 — There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. Existe una sobrelectura de búfer basada en memoria dinámica (heap) en la función Exiv2::Internal::PngChunk::keyTXTChunk de pngchunk_int.cpp en la versión 0.26 de Exiv2. Un archivo PNG manipulado conducirá a un ataque remoto de denegación de servicio. It was discovered that Exiv2 incorrectly handled certain files. • https://github.com/Exiv2/exiv2/issues/187 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-16909 – Ubuntu Security Notice USN-3615-1
https://notcve.org/view.php?id=CVE-2017-16909
12 Dec 2017 — An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image. Un error relacionado con la función "LibRaw::panasonic_load_raw()" (dcraw_common.cpp) en las versiones anteriores a la 0.18.6 de LibRaw puede explotarse para provocar un desbordamiento de búfer basado en memoria dinámica (heap) y un cierre inesperado mediante una imagen T... • https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-16910 – Ubuntu Security Notice USN-3615-1
https://notcve.org/view.php?id=CVE-2017-16910
12 Dec 2017 — An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. Un error en la función "LibRaw::xtrans_interpolate()" (internal/dcraw_common.cpp) en LibRaw en versiones anteriores a la 0.18.6 se puede explotar para provocar un acceso de lectura a la memoria inválido y una condición de denegación de servicio (DoS). It was discovered that LibRaw inc... • https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2017-17499 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-17499
11 Dec 2017 — ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. ImageMagick en versiones anteriores a la 6.9.9-24 y versiones 7.x anteriores a la 7.0.7-12 presenta un uso de memoria previamente liberada en Magick::Image::read en Magick++/lib/Image.cpp. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker c... • http://www.securityfocus.com/bid/102155 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 1CVE-2017-17504 – Debian Security Advisory 4204-1
https://notcve.org/view.php?id=CVE-2017-17504
11 Dec 2017 — ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. ImageMagick en versiones anteriores a la 7.0.7-12 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en coders/png.c Magick_png_read_raw_profile mediante un archivo manipulado, relacionado con ReadOneMNGImage. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick... • https://github.com/ImageMagick/ImageMagick/issues/872 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 10EXPL: 0CVE-2017-15422 – chromium-browser: integer overflow in icu
https://notcve.org/view.php?id=CVE-2017-15422
07 Dec 2017 — Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un desbordamiento de enteros en el manejo de fechas internacionales en International Components for Unicode (ICU) for C/C++ en versiones anteriores a la 60.1, tal y como se emplea en V8 en Google Chrome en versiones anteriores a la... • https://access.redhat.com/errata/RHSA-2017:3401 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-13168 – Ubuntu Security Notice USN-3820-3
https://notcve.org/view.php?id=CVE-2017-13168
06 Dec 2017 — An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233. Existe una vulnerabilidad de elevación de privilegios en el controlador SCSI del kernel. • https://source.android.com/security/bulletin/pixel/2017-12-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 3CVE-2017-15118 – QEMU - NBD Server Long Export Name Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-15118
29 Nov 2017 — A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS. Se ha detectado una vulnerabilidad de desbordamiento de búfer basado en pila en la implementación de servidor NBD e... • https://packetstorm.news/files/id/145154 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-16611 – Gentoo Linux Security Advisory 201801-10
https://notcve.org/view.php?id=CVE-2017-16611
29 Nov 2017 — In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. En libXfont en versiones anteriores a la 1.5.4 y libXfont2 en versiones anteriores a la 2.0.3, un atacante local puede abrir (pero no leer) archivos en el sistema como root, desencadenando rebobinados de cinta, watchdogs o mecanismos similares que se pueden desencadenar abriendo archivos. I... • http://security.cucumberlinux.com/security/details.php?id=155 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •