360 TeamSeri0us

20 exploits. Active since Dec 2017.
CVE-2017-17505 MEDIUM WRITEUP
Hdfgroup Hdf5 - NULL Pointer Dereference
In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVSS 6.5
CVE-2017-17506 MEDIUM WRITEUP
Hdfgroup Hdf5 < 1.10.1 - Out-of-Bounds Read
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVSS 6.5
CVE-2017-17507 MEDIUM WRITEUP
Hdfgroup Hdf5 - Out-of-Bounds Read
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVSS 6.5
CVE-2017-17508 MEDIUM WRITEUP
Hdfgroup Hdf5 - Divide By Zero
In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVSS 6.5
CVE-2017-17509 HIGH WRITEUP
Hdfgroup Hdf5 - Out-of-Bounds Write
In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact when someone opens a crafted hdf5 file.
CVSS 8.8
CVE-2018-10111 HIGH WRITEUP
GEGL <0.3.32 - DoS
An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
CVSS 7.5
CVE-2018-10112 HIGH WRITEUP
GEGL <0.3.32 - DoS
An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.
CVSS 8.8
CVE-2018-10113 HIGH WRITEUP
GEGL <0.3.32 - DoS
An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
CVSS 7.5
CVE-2018-10114 HIGH WRITEUP
GEGL <0.3.32 - DoS
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.
CVSS 8.8
CVE-2018-11555 HIGH WRITEUP
Littlecms Little Cms - Out-of-Bounds Write
tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on a sample program using LIBTIFF and does not apply to the lcms2 library, lcms2 does not depend on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.
CVSS 7.8
CVE-2018-11556 HIGH WRITEUP
Littlecms Little Cms - Out-of-Bounds Write
tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on a sample program using LIBTIFF and does not apply to the lcms2 library, lcms2 does not depend on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.
CVSS 7.8
CVE-2018-7456 MEDIUM WRITEUP
Libtiff - NULL Pointer Dereference
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)
CVSS 6.5
CVE-2018-7587 HIGH WRITEUP
Cimg - Memory Corruption
An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.
CVSS 7.8
CVE-2018-7588 HIGH WRITEUP
Cimg - Out-of-Bounds Read
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVSS 7.8
CVE-2018-7589 HIGH WRITEUP
Cimg - Double Free
An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVSS 7.8
CVE-2018-7712 HIGH WRITEUP
OpenCV 3.4.1 - DoS
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is a regular C++ exception which can be raised in case of invalid or non-supported parameters.”
CVSS 7.5
CVE-2018-7713 HIGH WRITEUP
OpenCV 3.4.1 - DoS
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is a regular C++ exception which can be raised in case of invalid or non-supported parameters.”
CVSS 7.5
CVE-2018-7714 HIGH WRITEUP
OpenCV 3.4.1 - DoS
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is a regular C++ exception which can be raised in case of invalid or non-supported parameters.”
CVSS 7.5
CVE-2018-9144 HIGH WRITEUP
Exiv2 < 0.26 - Out-of-Bounds Read
In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure.
CVSS 8.1
CVE-2018-9145 MEDIUM WRITEUP
Exiv2 - Improper Input Validation
In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file.
CVSS 6.5