Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 1855 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2017-13711 Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. Medium Sep 5, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-14107 The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive. Medium Sep 5, 2017 10.17.41.9 (Wind River Linux LTS 17)
CVE-2017-13712 NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. Medium Sep 1, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-13726 There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. Medium Aug 31, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-13727 There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. Medium Aug 31, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-13757 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c. Medium Aug 31, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-14064 Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a \'\\0\' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. HIGH Aug 31, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-13685 The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. Medium Aug 30, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-13716 The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). High Aug 30, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-13733 There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. Medium Aug 30, 2017 10.17.41.5 (Wind River Linux LTS 17)
CVE-2017-3735 While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then. MEDIUM Aug 30, 2017 10.17.41.5 (Wind River Linux LTS 17)
CVE-2017-13710 The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small. MEDIUM Aug 27, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-12967 The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. Medium Aug 21, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-12862 In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. Medium Aug 21, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-12863 In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has a integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. Medium Aug 21, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-12864 In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. Medium Aug 21, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-11185 The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. MEDIUM Aug 18, 2017 10.17.41.6 (Wind River Linux LTS 17)
CVE-2017-12944 The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. MEDIUM Aug 18, 2017 10.17.41.13 (Wind River Linux LTS 17)
CVE-2017-9800 A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server\'s repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. HIGH Aug 12, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-1000099 When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application\'s provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory. We are not aware of any exploit of this flaw. MEDIUM Aug 10, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-1000100 When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn\'t restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl\'s redirect protocols with --proto-redir and libcurl\'s with CURLOPT_REDIR_PROTOCOLS. We are not aware of any exploit of this flaw. MEDIUM Aug 10, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-1000101 curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be http://ur%20[0-60000000000000000000. We are not aware of any exploit of this flaw. MEDIUM Aug 10, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-12799 The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file. MEDIUM Aug 10, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-11368 In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. MEDIUM Aug 9, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-12597 OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. Medium Aug 8, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-12598 OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case. Medium Aug 8, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-12448 The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c. Medium Aug 7, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-12449 The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file. Medium Aug 7, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-12450 The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file. Medium Aug 7, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-12451 The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file. Medium Aug 7, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-12452 The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file. Medium Aug 7, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-12453 The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. Medium Aug 7, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-12454 The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file. Medium Aug 7, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-12455 The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. Medium Aug 7, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-12456 The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file. Medium Aug 7, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-12457 The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file. Medium Aug 7, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-12458 The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file. Medium Aug 7, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-12459 The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file. Medium Aug 7, 2017 10.17.41.7 (Wind River Linux LTS 17)
CVE-2017-12600 OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case. High Aug 7, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-12601 OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case. Medium Aug 7, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-12602 OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case. High Aug 7, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-12603 OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case. Medium Aug 7, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-12604 OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread. Medium Aug 7, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-12605 OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread. Medium Aug 7, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-12606 OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread. Medium Aug 7, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-12678 In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. MEDIUM Aug 7, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-12588 The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact. HIGH Aug 6, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-11333 The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. Medium Aug 4, 2017 10.17.41.15 (Wind River Linux LTS 17)
CVE-2017-11714 psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. Medium Aug 4, 2017 10.0.0.0 (Wind River Linux LTS 17)
CVE-2017-12424 In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. HIGH Aug 4, 2017 10.0.0.0 (Wind River Linux LTS 17)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.
Live chat
Online