CVEs from 2017
- Total: 11,608
- Critical: 1,650
- High: 5,044
- Medium: 4,169
- Low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7495 | medium | 5.5 | 5.5 | 9y ago | fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from ot… | |||
| CVE-2017-8934 | medium | 5.5 | 5.5 | 9y ago | PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). | |||
| CVE-2017-8925 | medium | 5.5 | 5.5 | 9y ago | The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. | |||
| CVE-2017-0635 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rat… | |||
| CVE-2017-0626 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High be… | |||
| CVE-2017-0625 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High be… | |||
| CVE-2017-0624 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it… | |||
| CVE-2017-0602 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue… | |||
| CVE-2017-0601 | medium | 5.5 | 5.5 | 9y ago | An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated a… | |||
| CVE-2017-0600 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severi… | |||
| CVE-2017-0599 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due … | |||
| CVE-2017-0598 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. … | |||
| CVE-2017-0493 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate du… | |||
| CVE-2017-0242 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability." | |||
| CVE-2017-8908 | medium | 5.5 | 5.5 | 9y ago | The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. | |||
| CVE-2017-8360 | medium | 5.5 | 5.5 | 9y ago | Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKey… | |||
| CVE-2017-8906 | medium | 5.5 | 5.5 | 9y ago | An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and ot… | |||
| CVE-2017-8891 | medium | 5.5 | 5.5 | 9y ago | Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads. | |||
| CVE-2017-0355 | medium | 5.5 | 5.5 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to … | |||
| CVE-2017-0353 | medium | 5.5 | 5.5 | 9y ago | All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where due to improper locking on certain conditions may lead to a denial of ser… | |||
| CVE-2017-7967 | medium | 5.5 | 5.5 | 9y ago | All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes t… | |||
| CVE-2017-8847 | medium | 5.5 | 5.5 | 9y ago | The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted arch… | |||
| CVE-2017-8846 | medium | 5.5 | 5.5 | 9y ago | The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive. | |||
| CVE-2017-8845 | medium | 5.5 | 5.5 | 9y ago | The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive. | |||
| CVE-2017-8843 | medium | 5.5 | 5.5 | 9y ago | The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. | |||
| CVE-2017-8842 | medium | 5.5 | 5.5 | 9y ago | The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive. | |||
| CVE-2017-8391 | medium | 5.5 | 5.5 | 9y ago | The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows… | |||
| CVE-2017-8421 | medium | 5.5 | 5.5 | 9y ago | The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory ex… | |||
| CVE-2017-8374 | medium | 5.5 | 5.5 | 9y ago | The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | |||
| CVE-2017-8339 | medium | 5.5 | 5.5 | 9y ago | PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver. | |||
| CVE-2017-8106 | medium | 5.5 | 5.5 | 9y ago | The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) v… | |||
| CVE-2017-3619 | medium | 5.5 | 5.5 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-3454 | medium | 5.5 | 5.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high… | |||
| CVE-2017-3232 | medium | 5.5 | 5.5 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-2322 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to… | |||
| CVE-2017-2328 | medium | 5.5 | 5.5 | 9y ago | An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permission… | |||
| CVE-2017-2327 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to consume large amounts of syst… | |||
| CVE-2017-8071 | medium | 5.5 | 5.5 | 9y ago | drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial… | |||
| CVE-2017-8054 | medium | 5.5 | 5.5 | 9y ago | The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PD… | |||
| CVE-2017-8053 | medium | 5.5 | 5.5 | 9y ago | PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp). | |||
| CVE-2017-7718 | medium | 5.5 | 5.5 | 9y ago | hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying… | |||
| CVE-2017-7982 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and applic… | |||
| CVE-2017-7282 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This … | |||
| CVE-2017-7962 | medium | 5.5 | 5.5 | 9y ago | The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a craf… | |||
| CVE-2017-7960 | medium | 5.5 | 5.5 | 9y ago | The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. | |||
| CVE-2017-7849 | medium | 5.5 | 5.5 | 9y ago | Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. | |||
| CVE-2017-7946 | medium | 5.5 | 5.5 | 9y ago | The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file. | |||
| CVE-2017-7940 | medium | 5.5 | 5.5 | 9y ago | The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. | |||
| CVE-2017-7939 | medium | 5.5 | 5.5 | 9y ago | The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file. | |||
| CVE-2017-7854 | medium | 5.5 | 5.5 | 9y ago | The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | |||
| CVE-2017-7742 | medium | 5.5 | 5.5 | 9y ago | In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file duri… | |||
| CVE-2017-7741 | medium | 5.5 | 5.5 | 9y ago | In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file dur… | |||
| CVE-2017-7716 | medium | 5.5 | 5.5 | 9y ago | The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembl… | |||
| CVE-2017-3053 | medium | 5.5 | 5.5 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of th… | |||
| CVE-2017-3052 | medium | 5.5 | 5.5 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of EM… | |||
| CVE-2017-3046 | medium | 5.5 | 5.5 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to contiguous code-stre… | |||
| CVE-2017-3045 | medium | 5.5 | 5.5 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to the palette box. | |||
| CVE-2017-3043 | medium | 5.5 | 5.5 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality. | |||
| CVE-2017-0204 | medium | 5.5 | 5.5 | 9y ago | Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted docum… | |||
| CVE-2017-0194 | medium | 5.5 | 5.5 | 9y ago | Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Mi… | |||
| CVE-2017-7697 | medium | 5.5 | 5.5 | 9y ago | In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. | |||
| CVE-2017-7624 | medium | 5.5 | 5.5 | 9y ago | The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. | |||
| CVE-2017-7623 | medium | 5.5 | 5.5 | 9y ago | The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | |||
| CVE-2017-7616 | medium | 5.5 | 5.5 | 9y ago | Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stac… | |||
| CVE-2017-7613 | medium | 5.5 | 5.5 | 9y ago | elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | |||
| CVE-2017-7612 | medium | 5.5 | 5.5 | 9y ago | The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||
| CVE-2017-7611 | medium | 5.5 | 5.5 | 9y ago | The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||
| CVE-2017-7610 | medium | 5.5 | 5.5 | 9y ago | The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||
| CVE-2017-7609 | medium | 5.5 | 5.5 | 9y ago | elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | |||
| CVE-2017-7608 | medium | 5.5 | 5.5 | 9y ago | The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted… | |||
| CVE-2017-7607 | medium | 5.5 | 5.5 | 9y ago | The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||
| CVE-2017-7595 | medium | 5.5 | 5.5 | 9y ago | The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. | |||
| CVE-2017-7594 | medium | 5.5 | 5.5 | 9y ago | The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image. | |||
| CVE-2017-7593 | medium | 5.5 | 5.5 | 9y ago | tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. | |||
| CVE-2017-0560 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibi… | |||
| CVE-2017-0559 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used… | |||
| CVE-2017-0558 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be … | |||
| CVE-2017-0557 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because … | |||
| CVE-2017-0556 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because … | |||
| CVE-2017-0555 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it… | |||
| CVE-2017-0552 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due t… | |||
| CVE-2017-0551 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due t… | |||
| CVE-2017-0550 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due t… | |||
| CVE-2017-0549 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due t… | |||
| CVE-2017-0548 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibil… | |||
| CVE-2017-0547 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it i… | |||
| CVE-2017-7586 | medium | 5.5 | 5.5 | 9y ago | In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. | |||
| CVE-2017-7585 | medium | 5.5 | 5.5 | 9y ago | In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. | |||
| CVE-2017-7454 | medium | 5.5 | 5.5 | 9y ago | The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | |||
| CVE-2017-7453 | medium | 5.5 | 5.5 | 9y ago | The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-7452 | medium | 5.5 | 5.5 | 9y ago | The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-7448 | medium | 5.5 | 5.5 | 9y ago | The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a… | |||
| CVE-2017-7418 | medium | 5.5 | 5.5 | 9y ago | ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the l… | |||
| CVE-2017-7383 | medium | 5.5 | 5.5 | 9y ago | The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | |||
| CVE-2017-7382 | medium | 5.5 | 5.5 | 9y ago | The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | |||
| CVE-2017-7381 | medium | 5.5 | 5.5 | 9y ago | The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | |||
| CVE-2017-7380 | medium | 5.5 | 5.5 | 9y ago | The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | |||
| CVE-2017-7379 | medium | 5.5 | 5.5 | 9y ago | The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) v… | |||
| CVE-2017-7378 | medium | 5.5 | 5.5 | 9y ago | The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PD… | |||
| CVE-2017-5951 | medium | 5.5 | 5.5 | 9y ago | The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) … |