Search Results (9235 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5221 5 Fedoraproject, Jasper Project, Opensuse and 2 more 6 Fedora, Jasper, Leap and 3 more 2025-04-20 N/A
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2015-6673 1 Libpgf 1 Libpgf 2025-04-20 N/A
Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32.
CVE-2015-8894 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.
CVE-2016-10188 1 Bitlbee 1 Bitlbee 2025-04-20 N/A
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.
CVE-2016-10211 1 Virustotal 1 Yara 2025-04-20 N/A
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.
CVE-2016-10217 1 Artifex 1 Ghostscript 2025-04-20 N/A
The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module.
CVE-2016-5007 2 Pivotal Software, Vmware 3 Spring Framework, Spring Framework, Spring Security 2025-04-20 N/A
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CVE-2016-6912 1 Libgd 1 Libgd 2025-04-20 N/A
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
CVE-2016-7835 2 Dena, H2o Project 2 H2o, H2o 2025-04-20 N/A
Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.
CVE-2016-7906 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-04-20 5.5 Medium
magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.
CVE-2016-7978 2 Artifex, Redhat 2 Ghostscript, Enterprise Linux 2025-04-20 N/A
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
CVE-2016-8674 1 Artifex 1 Mupdf 2025-04-20 N/A
The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.
CVE-2016-8693 4 Fedoraproject, Jasper Project, Opensuse and 1 more 4 Fedora, Jasper, Opensuse and 1 more 2025-04-20 N/A
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
CVE-2016-9279 1 Samsung 1 Exynos Fimg2d Driver 2025-04-20 N/A
Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. The Samsung ID is SVE-2016-6853.
CVE-2017-0070 1 Microsoft 3 Edge, Windows 10, Windows Server 2016 2025-04-20 N/A
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.
CVE-2017-0727 1 Google 1 Android 2025-04-20 N/A
A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354.
CVE-2017-0861 2 Google, Redhat 4 Android, Enterprise Linux, Rhel Eus and 1 more 2025-04-20 N/A
Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
CVE-2017-1000197 1 Octobercms 1 October 2025-04-20 N/A
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server.
CVE-2017-1000198 2 Redhat, Tcmu-runner Project 2 Storage, Tcmu-runner 2025-04-20 N/A
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service
CVE-2017-1000211 1 Lynx Project 1 Lynx 2025-04-20 N/A
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.