Page 143 of 1428 results (0.011 seconds)

CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 1

JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer. JasPer, en versiones anteriores a la 2.0.12, es vulnerable a un uso de memoria previamente liberada en la forma en la que descifra ciertos archivos de imagen JPEG 2000. Esto resulta en un cierre inesperado de la aplicación que esté usando JasPer. A use-after-free flaw was found in the way JasPer, before version 2.0.12, decode certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. • http://www.securityfocus.com/bid/94952 https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=1406405 https://security.gentoo.org/glsa/201707-07 https://www.debian.org/security/2017/dsa-3827 https://access.redhat.com/security/cve/CVE-2016-9591 • CWE-416: Use After Free •

CVSS: 9.6EPSS: 41%CPEs: 9EXPL: 0

An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf. Una lectura fuera de límites en V8 en Google Chrome, en versiones anteriores a la 57.0.2987.133 para Linux, Windows y Mac y a la 57.0.2987.132 para Android, permitía que un atacante remoto ejecutase código arbitrario en un espacio aislado o sandbox mediante una página HTML manipulada. Esto está relacionado con Array.prototype.indexOf. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Array.prototype.indexOf method. • http://www.securityfocus.com/bid/97220 http://zerodayinitiative.com/advisories/ZDI-17-462 https://access.redhat.com/errata/RHSA-2017:0860 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html https://crbug.com/702058 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5053 https://bugzilla.redhat.com/show_bug.cgi?id=1437353 • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0

A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en Blink en Google Chrome, en versiones anteriores a la 57.0.2987.133 para Linux, Windows y Mac y a la 57.0.2987.132 para Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/97220 http://www.securitytracker.com/id/1038623 https://access.redhat.com/errata/RHSA-2017:0860 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html https://crbug.com/705445 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5056 https://bugzilla.redhat.com/show_bug.cgi?id=1437352 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0

An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page. Una lectura fuera de límites en V8 en Google Chrome, en versiones anteriores a la 57.0.2987.133 para Linux, Windows y Mac y a la 57.0.2987.132 para Android, permitía que un atacante remoto obtenga el contenido de la memoria dinámica (heap) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/97220 https://access.redhat.com/errata/RHSA-2017:0860 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html https://crbug.com/699166 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5054 https://bugzilla.redhat.com/show_bug.cgi?id=1437350 • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0

An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting. Una hipótesis incorrecta sobre la estructura en bloques en Blink en Google Chrome, en versiones anteriores a la 57.0.2987.133 para Mac, Windows y Linux y a la versión 57.0.2987.132 para Android, permitía que un atacante remoto pudiese explotar una corrupción de memoria mediante una página HTML manipulada que desencadena un envío incorrecto. • http://www.securityfocus.com/bid/97220 https://access.redhat.com/errata/RHSA-2017:0860 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html https://crbug.com/662767 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5052 https://bugzilla.redhat.com/show_bug.cgi?id=1437351 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •