CVSS: 9.8EPSS: 1%CPEs: 62EXPL: 0CVE-2016-9841 – zlib: Out-of-bounds pointer arithmetic in inffast.c
https://notcve.org/view.php?id=CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. inffast.c en zlib 1.2.8 puede permitir que atacantes dependientes del contexto causen un impacto no especificado aprovechando una aritmética de puntero incorrecta.. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus •
CVSS: 8.8EPSS: 0%CPEs: 36EXPL: 0CVE-2016-9842 – zlib: Undefined left shift of negative number
https://notcve.org/view.php?id=CVE-2016-9842
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. La función inflateMark en inflate.c en zlib 1.2.8 podría permitir que los atacantes dependientes del contexto tener un impacto no especificado a través de vectores que implican cambios a la izquierda de enteros negativos. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/95131 http://www.securitytracker.com/id/1039427 https:/&# •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-5316
https://notcve.org/view.php?id=CVE-2016-5316
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool. Lectura fuera de límites en la función PixarLogCleanup en tif_pixarlog.c en libtiff 4.0.6 y versiones anteriores permite a atacantes remotos bloquear la aplicación enviando una imagen TIFF manipulada a la herramienta rgb2ycbcr. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html http://www.debian.org/security/2017/dsa-3762 http://www.openwall.com/lists/oss-security/2016/06/15/3 http://www.securityfocus.com/bid/91203 https://security.gentoo.org/glsa/201701-16 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-5317
https://notcve.org/view.php?id=CVE-2016-5317
Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file. Desbordamiento de búfer en la función PixarLogDecode en libtiff.so en la función PixarLogDecode en libtiff 4.0.6 y versiones anteriores, como se utiliza en GNOME nautilus, permite a atacantes provocar un ataque de denegación de servicio (caída) a través de un archivo TIFF manipulado. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html http://www.debian.org/security/2017/dsa-3762 http://www.openwall.com/lists/oss-security/2016/06/15/10 http://www.openwall.com/lists/oss-security/2016/06/15/5 http://www.securityfocus.com/bid/91208 https://security.gentoo.org/glsa/201701-16 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 0CVE-2017-5333 – icoutils: Integer overflow vulnerability in extract.c
https://notcve.org/view.php?id=CVE-2017-5333
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. Un desbordamiento de enteros en la función extract_group_icon_cursor_resource en el archivo b/wrestool/extract.c en icoutils versiones anteriores a la versión 0.31.1, permite a usuarios locales causar una denegación de servicio (bloqueo del proceso) o ejecutar código arbitrario mediante un archivo ejecutable diseñado. A vulnerability was found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in memory corruption leading to a crash or potential code execution. • http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00026.html http://rhn.redhat.com/errata/RHSA-2017-0837.html http://www.debian.org/security/2017/dsa-3765 http://www.openwall.com/lists/oss-security/2017/01/11/3 http://www.securityfocus.com/bid/95678 http://www.ubuntu.com/usn/USN-3178-1 https://bugzilla.redhat. • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •