CVEs from 2017
- Total: 11,608
- Critical: 1,650
- High: 5,044
- Medium: 4,169
- Low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2017-5950 | medium | 5.5 | 5.5 | 9y ago | The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | |||
| CVE-2017-6974 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows att… | |||
| CVE-2017-2417 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the … | |||
| CVE-2017-2390 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves syml… | |||
| CVE-2017-2385 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain … | |||
| CVE-2017-7346 | medium | 5.5 | 5.5 | 9y ago | The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denia… | |||
| CVE-2017-7299 | medium | 5.5 | 5.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink… | |||
| CVE-2017-7275 | medium | 5.5 | 5.5 | 9y ago | The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOT… | |||
| CVE-2017-7274 | medium | 5.5 | 5.5 | 9y ago | The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file. | |||
| CVE-2017-6459 | medium | 5.5 | 5.5 | 9y ago | The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. | |||
| CVE-2017-5973 | medium | 5.5 | 5.5 | 9y ago | The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors r… | |||
| CVE-2017-7262 | medium | 5.5 | 5.5 | 9y ago | The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demo… | |||
| CVE-2017-7261 | medium | 5.5 | 5.5 | 9y ago | The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to… | |||
| CVE-2017-5508 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted… | |||
| CVE-2017-5644 | medium | 5.5 | 5.5 | 9y ago | Improper Restriction of Recursive Entity References in DTDs in Apache POI | |||
| CVE-2017-7244 | medium | 5.5 | 5.5 | 9y ago | The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. | |||
| CVE-2017-7224 | medium | 5.5 | 5.5 | 9y ago | The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a pr… | |||
| CVE-2017-7210 | medium | 5.5 | 5.5 | 9y ago | objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program … | |||
| CVE-2017-7209 | medium | 5.5 | 5.5 | 9y ago | The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash. | |||
| CVE-2017-7207 | medium | 5.5 | 5.5 | 9y ago | The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. | |||
| CVE-2017-6839 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2017-6838 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2017-6837 | medium | 5.5 | 5.5 | 9y ago | WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients. | |||
| CVE-2017-6836 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows re… | |||
| CVE-2017-6835 | medium | 5.5 | 5.5 | 9y ago | The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a craf… | |||
| CVE-2017-6834 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a … | |||
| CVE-2017-6833 | medium | 5.5 | 5.5 | 9y ago | The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a cra… | |||
| CVE-2017-6832 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of … | |||
| CVE-2017-6831 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause … | |||
| CVE-2017-6830 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2017-6829 | medium | 5.5 | 5.5 | 9y ago | The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2017-5987 | medium | 5.5 | 5.5 | 9y ago | The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) … | |||
| CVE-2017-5956 | medium | 5.5 | 5.5 | 9y ago | The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_bu… | |||
| CVE-2017-6966 | medium | 5.5 | 5.5 | 9y ago | readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid s… | |||
| CVE-2017-6965 | medium | 5.5 | 5.5 | 9y ago | readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. | |||
| CVE-2017-6961 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in apng2gif 1.7. There is improper sanitization of user input causing huge memory allocations, resulting in a crash. This is related to the read_chunk function using the pChun… | |||
| CVE-2017-0105 | medium | 5.5 | 5.5 | 9y ago | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow r… | |||
| CVE-2017-0029 | medium | 5.5 | 5.5 | 9y ago | Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office D… | |||
| CVE-2017-0007 | medium | 5.5 | 5.5 | 9y ago | Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security… | |||
| CVE-2017-6951 | medium | 5.5 | 5.5 | 9y ago | The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key sy… | |||
| CVE-2017-5505 | medium | 5.5 | 5.5 | 9y ago | The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. | |||
| CVE-2017-5898 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a … | |||
| CVE-2017-5849 | medium | 5.5 | 5.5 | 9y ago | tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff… | |||
| CVE-2017-6430 | medium | 5.5 | 5.5 | 9y ago | The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter. | |||
| CVE-2017-6851 | medium | 5.5 | 5.5 | 9y ago | The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image. | |||
| CVE-2017-6850 | medium | 5.5 | 5.5 | 9y ago | The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. | |||
| CVE-2017-6849 | medium | 5.5 | 5.5 | 9y ago | The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-6848 | medium | 5.5 | 5.5 | 9y ago | The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-6847 | medium | 5.5 | 5.5 | 9y ago | The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-6846 | medium | 5.5 | 5.5 | 9y ago | The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cr… | |||
| CVE-2017-6845 | medium | 5.5 | 5.5 | 9y ago | The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-6842 | medium | 5.5 | 5.5 | 9y ago | The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-6841 | medium | 5.5 | 5.5 | 9y ago | The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a craf… | |||
| CVE-2017-6840 | medium | 5.5 | 5.5 | 9y ago | The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file. | |||
| CVE-2017-5994 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds… | |||
| CVE-2017-6335 | medium | 5.5 | 5.5 | 9y ago | The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samp… | |||
| CVE-2017-5957 | medium | 5.5 | 5.5 | 9y ago | Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), al… | |||
| CVE-2017-6596 | medium | 5.5 | 5.5 | 9y ago | partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a 'Denial o… | |||
| CVE-2017-6355 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length … | |||
| CVE-2017-6314 | medium | 5.5 | 5.5 | 9y ago | The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. | |||
| CVE-2017-6312 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, … | |||
| CVE-2017-0529 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could… | |||
| CVE-2017-0499 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial o… | |||
| CVE-2017-0498 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factor… | |||
| CVE-2017-0496 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a… | |||
| CVE-2017-0495 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be … | |||
| CVE-2017-0494 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate … | |||
| CVE-2017-0492 | medium | 5.5 | 5.5 | 9y ago | An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a … | |||
| CVE-2017-0491 | medium | 5.5 | 5.5 | 9y ago | An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. This i… | |||
| CVE-2017-0490 | medium | 5.5 | 5.5 | 9y ago | An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to delete user data. This issue is rated as Moderate because it is a local bypass of user interaction requi… | |||
| CVE-2017-0489 | medium | 5.5 | 5.5 | 9y ago | An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate becaus… | |||
| CVE-2017-0488 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility… | |||
| CVE-2017-0487 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility… | |||
| CVE-2017-0486 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility… | |||
| CVE-2017-0485 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility… | |||
| CVE-2017-0484 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility… | |||
| CVE-2017-0483 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility… | |||
| CVE-2017-0482 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility… | |||
| CVE-2017-0336 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it cou… | |||
| CVE-2017-0334 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it cou… | |||
| CVE-2017-6502 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS). | |||
| CVE-2017-6501 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference. | |||
| CVE-2017-6500 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read. | |||
| CVE-2017-6499 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS). | |||
| CVE-2017-6498 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS. | |||
| CVE-2017-5834 | medium | 5.5 | 5.5 | 9y ago | The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file. | |||
| CVE-2017-6410 | medium | 5.5 | 5.5 | 9y ago | kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string,… | |||
| CVE-2017-6404 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data. | |||
| CVE-2017-6415 | medium | 5.5 | 5.5 | 9y ago | The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file. | |||
| CVE-2017-6387 | medium | 5.5 | 5.5 | 9y ago | The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file. | |||
| CVE-2017-6353 | medium | 5.5 | 5.5 | 9y ago | net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (inva… | |||
| CVE-2017-6348 | medium | 5.5 | 5.5 | 9y ago | The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted oper… | |||
| CVE-2017-5981 | medium | 5.5 | 5.5 | 9y ago | seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file. | |||
| CVE-2017-5980 | medium | 5.5 | 5.5 | 9y ago | The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file. | |||
| CVE-2017-5979 | medium | 5.5 | 5.5 | 9y ago | The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file. | |||
| CVE-2017-5978 | medium | 5.5 | 5.5 | 9y ago | The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file. | |||
| CVE-2017-5977 | medium | 5.5 | 5.5 | 9y ago | The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file. | |||
| CVE-2017-5976 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial o… | |||
| CVE-2017-5975 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash… | |||
| CVE-2017-5974 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash… |