CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,687 CVEs tracked | 53,322 with exploits | 4,733 exploited in wild | 1,543 CISA KEV | 3,938 Nuclei templates | 49,014 vendors | 42,676 researchers
111,134 results
CVE-2017-6011 5.5 MEDIUM EPSS 0.00
Icoutils - Out-of-Bounds Read
An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.
CWE-125 Feb 16, 2017
CVE-2017-6010 5.5 MEDIUM EPSS 0.00
Icoutils - Memory Corruption
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.
CWE-119 Feb 16, 2017
CVE-2017-6009 5.5 MEDIUM EPSS 0.00
Icoutils - Memory Corruption
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.
CWE-119 Feb 16, 2017
CVE-2017-0320 5.5 MEDIUM EPSS 0.00
Nvidia Gpu Driver - Denial of Service
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system.
Feb 15, 2017
CVE-2017-0319 5.5 MEDIUM EPSS 0.00
Nvidia Gpu Driver - Denial of Service
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system.
Feb 15, 2017
CVE-2017-0318 5.5 MEDIUM EPSS 0.00
Nvidia Gpu Driver - Improper Input Validation
All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system.
CWE-20 Feb 15, 2017
CVE-2017-0310 6.5 MEDIUM EPSS 0.00
Nvidia Gpu Driver - Improper Privilege Management
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allow an unprivileged user to cause a denial of service.
CWE-269 Feb 15, 2017
CVE-2016-8681 5.5 MEDIUM EPSS 0.01
libdwarf <20161001 - DoS
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
CWE-125 Feb 15, 2017
CVE-2016-8680 6.5 MEDIUM EPSS 0.01
libdwarf <20161001 - DoS
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
CWE-125 Feb 15, 2017
CVE-2016-8679 6.5 MEDIUM EPSS 0.01
Libdwarf <20161124 - DoS
The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
CWE-125 Feb 15, 2017
CVE-2016-8678 5.5 MEDIUM EPSS 0.00
ImageMagick 7.0.3.0 - DoS
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
CWE-125 Feb 15, 2017
CVE-2016-8676 5.5 MEDIUM EPSS 0.00
Libav 11.9 - DoS
The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file. NOTE: this issue exists due to an incomplete fix for CVE-2016-8675.
CWE-476 Feb 15, 2017
CVE-2016-8675 5.5 MEDIUM 1 Writeup EPSS 0.00
Libav <11.9 - DoS
The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection.
CWE-476 Feb 15, 2017
CVE-2016-8674 5.5 MEDIUM EPSS 0.00
MuPDF <1.10 - DoS
The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.
CWE-416 Feb 15, 2017
CVE-2016-7499 5.5 MEDIUM EPSS 0.01
Libav - Divide By Zero
The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.
CWE-369 Feb 15, 2017
CVE-2016-7477 5.5 MEDIUM EPSS 0.00
Libav - NULL Pointer Dereference
The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file. NOTE: this issue was originally reported as involving a NULL pointer dereference.
CWE-476 Feb 15, 2017
CVE-2016-7393 5.5 MEDIUM EPSS 0.00
Libav < 11.4 - Out-of-Bounds Read
Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CWE-125 Feb 15, 2017
CVE-2016-7392 5.5 MEDIUM EPSS 0.00
Autotrace - Out-of-Bounds Write
Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file.
CWE-787 Feb 15, 2017
CVE-2017-5896 5.5 MEDIUM EPSS 0.00
Artifex Mupdf < 1.10 - Out-of-Bounds Read
Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.
CWE-125 Feb 15, 2017
CVE-2016-9010 6.1 MEDIUM EPSS 0.00
IBM WebSphere Message Broker <10.0 - CSRF
IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906.
CWE-254 Feb 15, 2017