Page 34 of 256 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0

CVE-2017-5332 – icoutils: Access to unallocated memory possible in extract.c

https://notcve.org/view.php?id=CVE-2017-5332

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. La función extract_group_icon_cursor_resource en el archivo wrestool/extract.c en icoutils versiones anteriores a la versión 0.31.1, puede acceder a la memoria no asignada, lo que permite a usuarios locales causar una denegación de servicio (bloqueo del proceso) y ejecutar código arbitrario mediante un ejecutable especialmente diseñado. A vulnerability was found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in failure to allocate memory or an over-large memcpy operation, leading to a crash. • http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html http://rhn.redhat.com/errata/RHSA-2017-0837.html http://www.debian.org/security/2017/dsa-3765 http://www.openwall.com/lists/oss-security/2017/01/11/3 http://www.securityfocus.com/bid/95380 http://www.ubuntu.com/usn/USN-3178-1 https://bugzilla.redhat. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2016-9436

https://notcve.org/view.php?id=CVE-2016-9436

parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. parsetagx.c en w3m en versiones anteriores a 0.5.3+git20161009 no inicia valores adecuadamente, lo que permite a atacantes remotos bloquear la aplicación a través de un archivo html manipulado, relacionado con una etiqueta <i>.</i> • http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html http://www.openwall.com/lists/oss-security/2016/11/18/3 http://www.securityfocus.com/bid/94407 https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd https://github.com/tats/w3m/issues/16 https://security.gentoo.org/glsa/201701-08 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2016-9435

https://notcve.org/view.php?id=CVE-2016-9435

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags. La función HTMLtagproc1 en file.c en w3m en versiones anteriores a 0.5.3+git20161009 no inicia valores adecuadamente, lo que permite a atacantes remotos bloquear la aplicación a través de un archivo html manipulado, relacionado con etiquetas <dd> . </dd> • http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html http://www.openwall.com/lists/oss-security/2016/11/18/3 http://www.securityfocus.com/bid/94407 https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd https://github.com/tats/w3m/issues/16 https://security.gentoo.org/glsa/201701-08 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2016-9427

https://notcve.org/view.php?id=CVE-2016-9427

Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation. Vulnerabilidad de desbordamiento de entero en bdwgc en versiones anteriores a 2016-09-27 permite a atacantes provocar al cliente la denegación de servicio de bdwgc (caída de desbordamiento de búfer en memoria dinámica) y posiblemente ejecutar código arbitrario a través de asignación enorme. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00089.html http://lists.opensuse.org/opensuse-updates/2016-12/msg00115.html http://www.openwall.com/lists/oss-security/2016/11/18/3 http://www.securityfocus.com/bid/94407 https://github.com/ivmai/bdwgc/issues/135 https://lists.debian.org/debian-lts-announce/2022/03/msg00039.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 2%CPEs: 3EXPL: 0

CVE-2016-9556

https://notcve.org/view.php?id=CVE-2016-9556

The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. La función IsPixelGray en MagickCore/pixel-accessor.h en ImageMagick 7.0.3-8 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de un archivo de imagen manipulado. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00040.html http://www.debian.org/security/2016/dsa-3726 http://www.openwall.com/lists/oss-security/2016/11/23/1 http://www.openwall.com/lists/oss-security/2016/12/01/4 http://www.openwall.com/lists/oss-security/2016/12/02/12 http://www.securityfocus.com/bid/94492 https://blogs.gentoo.org/ago/2016/11/19/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h https://bugzilla.redhat.com/show_bug • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •