Total
12847 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14767 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | N/A |
| The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. | ||||
| CVE-2017-14749 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | N/A |
| JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data. | ||||
| CVE-2017-14742 | 1 Labf | 1 Nfsaxe | 2024-11-21 | 9.8 Critical |
| Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely. | ||||
| CVE-2017-14734 | 1 Libbpg Project | 1 Libbpg | 2024-11-21 | N/A |
| The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1. | ||||
| CVE-2017-14729 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | ||||
| CVE-2017-14727 | 1 Weechat | 2 Logger, Weechat | 2024-11-21 | N/A |
| logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. | ||||
| CVE-2017-14694 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f.". | ||||
| CVE-2017-14693 | 1 Irfanview | 1 Irfanview | 2024-11-21 | N/A |
| IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613." | ||||
| CVE-2017-14692 | 1 Stdutility | 1 Stdu Viewer | 2024-11-21 | N/A |
| STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b." | ||||
| CVE-2017-14691 | 1 Stdutility | 1 Stdu Viewer | 2024-11-21 | N/A |
| STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a." | ||||
| CVE-2017-14690 | 1 Stdutility | 1 Stdu Viewer | 2024-11-21 | N/A |
| STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7." | ||||
| CVE-2017-14689 | 1 Stdutility | 1 Stdu Viewer | 2024-11-21 | N/A |
| STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e." | ||||
| CVE-2017-14688 | 1 Stdutility | 1 Stdu Viewer | 2024-11-21 | N/A |
| STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917." | ||||
| CVE-2017-14687 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2024-11-21 | N/A |
| Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons. | ||||
| CVE-2017-14686 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2024-11-21 | N/A |
| Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. | ||||
| CVE-2017-14685 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2024-11-21 | N/A |
| Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded. | ||||
| CVE-2017-14682 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | N/A |
| GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. | ||||
| CVE-2017-14637 | 1 Sam2p Project | 1 Sam2p | 2024-11-21 | N/A |
| In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address. | ||||
| CVE-2017-14632 | 3 Canonical, Debian, Xiph.org | 3 Ubuntu Linux, Debian Linux, Libvorbis | 2024-11-21 | 9.8 Critical |
| Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. | ||||
| CVE-2017-14631 | 1 Sam2p Project | 1 Sam2p | 2024-11-21 | N/A |
| In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow. | ||||