The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2017-8365 | The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. | MEDIUM | May 5, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-7975 | Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code. | MEDIUM | Apr 24, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-7948 | Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. | MEDIUM | Apr 19, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-7960 | The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. | MEDIUM | Apr 19, 2017 | 10.17.41.3 (Wind River Linux LTS 17) |
| CVE-2015-4646 | (1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input. | MEDIUM | Apr 13, 2017 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2016-1516 | OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. | MEDIUM | Apr 9, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2016-1517 | OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks. | MEDIUM | Apr 9, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2015-8985 | The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. | Medium | Mar 23, 2017 | 10.17.41.17 (Wind River Linux LTS 17) |
| CVE-2017-7206 | The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. | MEDIUM | Mar 23, 2017 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2017-7208 | The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. | MEDIUM | Mar 23, 2017 | 10.17.41.3 (Wind River Linux LTS 17) |
| CVE-2015-4645 | Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. | Medium | Mar 21, 2017 | 10.17.41.3 (Wind River Linux LTS 17) |
| CVE-2016-10166 | Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable. | HIGH | Mar 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2016-10167 | The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. | MEDIUM | Mar 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2016-10168 | Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. | MEDIUM | Mar 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2016-6906 | The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer. | MEDIUM | Mar 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-6508 | CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. | MEDIUM | Mar 7, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2016-10228 | The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. | MEDIUM | Mar 3, 2017 | 10.17.41.24 (Wind River Linux LTS 17) |
| CVE-2016-10095 | Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. | MEDIUM | Mar 2, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2016-4491 | The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having itself as ancestor more than once. | MEDIUM | Feb 24, 2017 | 10.17.41.11 (Wind River Linux LTS 17) |
| CVE-2013-7459 | Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. | High | Feb 23, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2016-6252 | Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. | MEDIUM | Feb 22, 2017 | 10.17.41.11 (Wind River Linux LTS 17) |
| CVE-2014-9913 | Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. | Low | Jan 20, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2016-9844 | Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. | LOW | Jan 20, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2016-6321 | Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. | MEDIUM | Dec 9, 2016 | 10.17.41.1 (Wind River Linux LTS 17) |
