The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2017-14171 | In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large table_entries_used field in the header but does not contain sufficient backing data, is provided, the loop over \'table_entries_used\' would consume huge CPU resources, since there is no EOF check inside the loop. | High | Sep 8, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-14222 | In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large item_count field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | HIGH | Sep 8, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-14223 | In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large ict field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | HIGH | Sep 8, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-14054 | In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large len field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop. | High | Sep 7, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-14055 | In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large nb_frames field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop. | High | Sep 7, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-14056 | In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large frame_count field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops. | High | Sep 7, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-14057 | In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large name_len or count field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops. | High | Sep 7, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-14058 | In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). | Medium | Sep 7, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-14059 | In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large duration field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | High | Sep 7, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-14128 | The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file. | Medium | Sep 7, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2017-14129 | The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file. | Medium | Sep 7, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2017-14130 | The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file. | Medium | Sep 7, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2017-12865 | Stack-based buffer overflow in dnsproxy.c in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the name variable. | High | Sep 6, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-13673 | The vga display update in Qemu 2.8.0 through 2.9.0 mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function. | Medium | Sep 6, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-14136 | OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597. | Medium | Sep 6, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-0379 | Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. | Medium | Sep 5, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-13672 | QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. | Low | Sep 5, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-13711 | Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. | Medium | Sep 5, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-14107 | The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive. | Medium | Sep 5, 2017 | 10.17.41.9 (Wind River Linux LTS 17) |
CVE-2017-13712 | NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. | Medium | Sep 1, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-13726 | There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. | Medium | Aug 31, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-13727 | There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. | Medium | Aug 31, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-13757 | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c. | Medium | Aug 31, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2017-14064 | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a \'\\0\' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. | HIGH | Aug 31, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-13685 | The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. | Medium | Aug 30, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-13716 | The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). | High | Aug 30, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2017-13733 | There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | Medium | Aug 30, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
CVE-2017-3735 | While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then. | MEDIUM | Aug 30, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
CVE-2017-13710 | The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small. | MEDIUM | Aug 27, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2017-12967 | The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. | Medium | Aug 21, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2017-12862 | In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. | Medium | Aug 21, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-12863 | In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has a integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. | Medium | Aug 21, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-12864 | In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. | Medium | Aug 21, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-11185 | The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. | MEDIUM | Aug 18, 2017 | 10.17.41.6 (Wind River Linux LTS 17) |
CVE-2017-12944 | The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. | MEDIUM | Aug 18, 2017 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2017-9800 | A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server\'s repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. | HIGH | Aug 12, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-1000099 | When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application\'s provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory. We are not aware of any exploit of this flaw. | MEDIUM | Aug 10, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-1000100 | When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn\'t restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl\'s redirect protocols with --proto-redir and libcurl\'s with CURLOPT_REDIR_PROTOCOLS. We are not aware of any exploit of this flaw. | MEDIUM | Aug 10, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-1000101 | curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be http://ur%20[0-60000000000000000000. We are not aware of any exploit of this flaw. | MEDIUM | Aug 10, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-12799 | The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file. | MEDIUM | Aug 10, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2017-11368 | In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. | MEDIUM | Aug 9, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-12597 | OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. | Medium | Aug 8, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-12598 | OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case. | Medium | Aug 8, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-12448 | The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c. | Medium | Aug 7, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2017-12449 | The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file. | Medium | Aug 7, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2017-12450 | The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file. | Medium | Aug 7, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2017-12451 | The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file. | Medium | Aug 7, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2017-12452 | The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file. | Medium | Aug 7, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2017-12453 | The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. | Medium | Aug 7, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2017-12454 | The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file. | Medium | Aug 7, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |