Page 121 of 872 results (0.015 seconds)

CVSS: 8.1EPSS: 0%CPEs: 15EXPL: 1

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash. Se descubrió un problema en icoutils 0.31.1. Se observó un desbordamiento de búfer en la función "extract_icons" en el archivo fuente "extract.c". • http://rhn.redhat.com/errata/RHSA-2017-0837.html http://www.debian.org/security/2017/dsa-3807 http://www.securityfocus.com/bid/96288 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054 https://security.gentoo.org/glsa/201801-12 https://access.redhat.com/security/cve/CVE-2017-6010 https://bugzilla.redhat.com/show_bug.cgi?id=1422907 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 8.1EPSS: 0%CPEs: 15EXPL: 1

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool. Se descubrió un problema en icoutils 0.31.1. • http://rhn.redhat.com/errata/RHSA-2017-0837.html http://www.debian.org/security/2017/dsa-3807 http://www.securityfocus.com/bid/96292 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050 https://security.gentoo.org/glsa/201801-12 https://access.redhat.com/security/cve/CVE-2017-6009 https://bugzilla.redhat.com/show_bug.cgi?id=1422906 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 3

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. El desbordamiento del búfer basado en la pila en la función jpc_tsfb_getbands2 en jpc_tsfb.c en JasPer antes de la versión 1.900.30 permite a los atacantes remotos tener un impacto no especificado a través de una imagen manipulada • http://www.debian.org/security/2017/dsa-3785 http://www.openwall.com/lists/oss-security/2016/11/20/1 http://www.openwall.com/lists/oss-security/2016/11/23/5 http://www.securityfocus.com/bid/94428 https://access.redhat.com/errata/RHSA-2017:1208 https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-9560 https://github.com/mdadams/jasper& • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0

Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. Caída en libmysqlclient.so en Oracle MySQL en versiones anteriores 5.6.21 y 5.7.x en versiones anteriores 5.7.5 y MariaDB hasta la versión 5.5.54, 10.0.x hasta la versión 10.0.29, 10.1.x hasta la versión 10.1.21 y 10.2.x hasta la versión 10.2.3. A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. • http://www.debian.org/security/2017/dsa-3809 http://www.debian.org/security/2017/dsa-3834 http://www.openwall.com/lists/oss-security/2017/02/11/11 http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/96162 http://www.securitytracker.com/id/1038287 https://access.redhat.com/errata/RHSA-2017:2192 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2018:0279 https://access.redhat.c • CWE-416: Use After Free •

CVSS: 7.5EPSS: 3%CPEs: 15EXPL: 0

The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. La función gst_ps_demux_parse_psm en gst/mpegdemux/gstmpegdemux.c en gst-plugins-bad en GStreamer permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de vectores que implican análisis PSM. • http://www.debian.org/security/2017/dsa-3818 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3 https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html https://security.gentoo.org/glsa/201705-10 https://access.redhat.com/security/cve/CVE-2017-5848&# • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •