CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1CVE-2016-9583 – jasper: integer overflows leading to out of bounds read in packet iterators in JPC decoder
https://notcve.org/view.php?id=CVE-2016-9583
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input. Se ha detectado una vulnerabilidad de lectura de memoria dinámica (heap) fuera de límites en la función jpc_pi_nextpcrl() de jasper en versiones anteriores a la 2.0.6 al procesar entradas manipuladas. • http://www.securityfocus.com/bid/94925 https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9583 https://github.com/mdadams/jasper/commit/aa0b0f79ade5eef8b0e7a214c03f5af54b36ba7d https://github.com/mdadams/jasper/commit/f25486c3d4aa472fec79150f2c41ed4333395d3d https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://access.redhat.com/security/cve/CVE-2016-9583 https://bugzilla.redhat.com/show_bug.cgi?id=1405148 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-10328
https://notcve.org/view.php?id=CVE-2016-10328
FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. FreeType 2 en versiones anteriores a 16-12-2016 tiene una escritura fuera de límites provocada por un desbordamiento de búfer basado en memoria dinámica relacionado con la función cff_parser_run en cff/cffparse.c. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=beecf80a6deecbaf5d264d4f864451bde4fe98b8 http://savannah.nongnu.org/bugs/?func=detailitem&item_id=49858 http://www.securityfocus.com/bid/97677 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289 https://security.gentoo.org/glsa/201706-14 https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3268
https://notcve.org/view.php?id=CVE-2017-3268
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html http://www.securityfocus.com/bid/95522 http://www.securitytracker.com/id/1037631 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3270
https://notcve.org/view.php?id=CVE-2017-3270
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html http://www.securityfocus.com/bid/95529 http://www.securitytracker.com/id/1037631 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3267
https://notcve.org/view.php?id=CVE-2017-3267
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html http://www.securityfocus.com/bid/95513 http://www.securitytracker.com/id/1037631 •