360 TeamSeri0us

20 exploits Active since Dec 2017
CVE-2017-17505 MEDIUM WRITEUP
HDF5 1.10.1 - NULL Pointer Dereference in H5O_pline_decode
In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVSS 6.5
CVE-2017-17506 MEDIUM WRITEUP
HDF5 1.8.0-1.10.1 - Out-of-bounds Read in H5Opline_pline_decode
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVSS 6.5
CVE-2017-17507 MEDIUM WRITEUP
HDF5 1.10.1 - Out-of-bounds Read in H5T_conv_struct_opt
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVSS 6.5
CVE-2017-17508 MEDIUM WRITEUP
HDF5 1.10.1 - Divide By Zero in H5T_set_loc
In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVSS 6.5
CVE-2017-17509 HIGH WRITEUP
HDF5 1.10.1 - Out-of-bounds Write in H5G__ent_decode_vec
In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact when someone opens a crafted hdf5 file.
CVSS 8.8
CVE-2018-10111 HIGH WRITEUP
GEGL < 0.3.32 - Denial of Service via Unbounded Memory Allocation in render_rectangle
An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
CVSS 7.5
CVE-2018-10112 HIGH WRITEUP
GEGL < 0.3.32 - Denial of Service via Malformed PNG File Handling
An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.
CVSS 8.8
CVE-2018-10113 HIGH WRITEUP
GEGL < 0.3.32 - Denial of Service via Unbounded Memory Allocation in PPM Load Operation
An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
CVSS 7.5
CVE-2018-10114 HIGH WRITEUP
GEGL < 0.3.32 - Denial of Service via Malformed PPM File
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.
CVSS 8.8
CVE-2018-11555 HIGH WRITEUP
littlecms tificc - Out-of-bounds Write via Crafted TIFF File
tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do not consider this a vulnerability because the issue is based on a sample program using LIBTIFF and does not apply to the lcms2 library, lcms2 does not depend on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.
CVSS 7.8
CVE-2018-11556 HIGH WRITEUP
Little CMS 2.9 - Out-of-bounds Write via Crafted TIFF File
tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do not consider this a vulnerability because the issue is based on a sample program using LIBTIFF and does not apply to the lcms2 library, lcms2 does not depend on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.
CVSS 7.8
CVE-2018-7456 MEDIUM WRITEUP
libtiff 3.9.3-4.0.9 - NULL Pointer Dereference in TIFFPrintDirectory
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)
CVSS 6.5
CVE-2018-7587 HIGH WRITEUP
CImg v.220 - Denial of Service via Crafted BMP Image Allocation Failure
An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.
CVSS 7.8
CVE-2018-7588 HIGH WRITEUP
CImg v.220 - Heap-Based Buffer Over-Read in BMP Image Loader
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVSS 7.8
CVE-2018-7589 HIGH WRITEUP
CImg v.220 - Double Free in BMP Image Loader
An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVSS 7.8
CVE-2018-7712 HIGH WRITEUP
OpenCV 3.4.1 - Denial of Service via validateInputImageSize Assertion Failure
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is a regular C++ exception which can be raised in case of invalid or non-supported parameters.”
CVSS 7.5
CVE-2018-7713 HIGH WRITEUP
OpenCV 3.4.1 - Denial of Service via validateInputImageSize Assertion Failure
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is a regular C++ exception which can be raised in case of invalid or non-supported parameters.”
CVSS 7.5
CVE-2018-7714 HIGH WRITEUP
OpenCV 3.4.1 - Denial of Service via validateInputImageSize Assertion Failure
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is a regular C++ exception which can be raised in case of invalid or non-supported parameters.”
CVSS 7.5
CVE-2018-9144 HIGH WRITEUP
Exiv2 < 0.26 - Out-of-bounds Read in binaryToString
In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure.
CVSS 8.1
CVE-2018-9145 MEDIUM WRITEUP
Exiv2 - Denial of Service via Large Buffer Size in DataBuf Constructor
In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file.
CVSS 6.5