CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2017-5849
https://notcve.org/view.php?id=CVE-2017-5849
tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values. tiffttopnm en netpbm 10.47.63 no utiliza correctamente la función libtiff TIFFRGBAImageGet, lo que permite a atacantes remotos provocar una denegación de servicio (lectura y escritura fuera de límites) a través de un archivo de imagen tiff manipulado, relacionado con la transposición de los valores de anchura y altura. • http://bugzilla.maptools.org/show_bug.cgi?id=2654 http://bugzilla.maptools.org/show_bug.cgi?id=2655 http://www.openwall.com/lists/oss-security/2017/02/02/2 http://www.securityfocus.com/bid/96011 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AF42A624FXVY3BYBHMAO6F2X7EJYHQE2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDK3BDMKIQL2NQ3SJZXPBEN2LSOUSSEE • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-9956
https://notcve.org/view.php?id=CVE-2016-9956
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. El administrador de ruta en FlightGear en versiones anteriores a 2016.4.4 permite a atacantes remotos escribir en archivos arbitrarios a través de una secuencia de comandos Nasal manipulada. • http://www.debian.org/security/2016/dsa-3742 http://www.openwall.com/lists/oss-security/2016/12/14/11 http://www.openwall.com/lists/oss-security/2016/12/15/10 http://www.openwall.com/lists/oss-security/2016/12/16/5 http://www.securityfocus.com/bid/94945 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZKAN7V6UOHSRFWO567XMN4O6WXTSL32 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DB3B5XBB2NL2O2U4WNYGH7ZL45Q4 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2016-7969
https://notcve.org/view.php?id=CVE-2016-7969
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." La función wrap_lines_smart en ass_render.c en libass en versiones anteriores a 0.13.4 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de vectores no especificados, relacionados con "0/3 ecualización de envoltura de línea". • http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html http://www.openwall.com/lists/oss-security/2016/10/05/2 http://www.securityfocus.com/bid/93358 https://bugzilla.redhat.com/show_bug.cgi?id=1381960 https://github.com/libass/libass/commit/f4f48950788b91c6a30029cc28a240b834713ea7 https://github.com/libass/libass/releases/tag/0.13.4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC https://lists.fedoraproject.org/archi • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2016-7970
https://notcve.org/view.php?id=CVE-2016-7970
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. Desbordamiento de búfer en la función calc_coeff en libass/ass_blur.c en libass en versiones anteriores a 0.13.4 permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2016/10/05/2 http://www.securityfocus.com/bid/93358 https://bugzilla.redhat.com/show_bug.cgi?id=1381960 https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75 https://github.com/libass/libass/releases/tag/0.13.4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2016-7972
https://notcve.org/view.php?id=CVE-2016-7972
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. La función check_allocations en libass/ass_shaper.c en libass en versiones anteriores a 0.13.4 permite a atacantes remotos provocar una denegación de servicio (fallo de ubicación de memoria) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html http://www.openwall.com/lists/oss-security/2016/10/05/2 http://www.securityfocus.com/bid/93358 https://bugzilla.redhat.com/show_bug.cgi?id=1381960 https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b https://github.com/libass/libass/releases/tag/0.13.4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC https://lists.fedoraprojec • CWE-399: Resource Management Errors •