The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2018-10393 | bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. | MEDIUM | Apr 26, 2018 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2017-6888 | An error in the read_metadata_vorbiscomment_() function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file. | MEDIUM | Apr 25, 2018 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2018-9251 | The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. | LOW | Apr 3, 2018 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2018-9138 | An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. | MEDIUM | Mar 30, 2018 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2004-2779 | id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS). | MEDIUM | Feb 20, 2018 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2018-1000035 | A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. | MEDIUM | Feb 12, 2018 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2017-17456 | The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14245. | MEDIUM | Dec 7, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2017-17457 | The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246. | MEDIUM | Dec 7, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2017-16808 | tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. | MEDIUM | Nov 15, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2017-14634 | In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. | MEDIUM | Sep 21, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2017-12678 | In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. | MEDIUM | Aug 7, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2016-10396 | The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place. | HIGH | Jul 6, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2017-9778 | GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. | MEDIUM | Jun 26, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2017-6892 | In libsndfile version 1.0.28, an error in the aiff_read_chanmap() function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. | MEDIUM | Jun 12, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2017-6519 | avahi-daemon in Avahi through 0.6.32 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809. | MEDIUM | May 12, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2017-8872 | The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. | MEDIUM | May 10, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2017-8361 | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. | MEDIUM | May 5, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2017-8362 | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. | MEDIUM | May 5, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2017-8363 | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | MEDIUM | May 5, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2017-8365 | The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. | MEDIUM | May 5, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2015-4645 | Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. | MEDIUM | Mar 21, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2016-10228 | The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. | MEDIUM | Mar 3, 2017 | 10.19.45.16 (Wind River Linux LTS 19) |
CVE-2014-9913 | Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. | LOW | Jan 20, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2016-9844 | Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. | LOW | Jan 20, 2017 | 10.19.45.1 (Wind River Linux LTS 19) |