Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-13 | CVE-2015-5073 | Information Exposure vulnerability in multiple products Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis. | 9.1 |
| 2016-12-13 | CVE-2015-3418 | Divide By Zero vulnerability in X.Org Xorg-Server The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request. | 7.5 |
| 2016-12-13 | CVE-2015-3217 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/. | 7.5 |
| 2016-12-13 | CVE-2015-3210 | Out-of-bounds Write vulnerability in Pcre and Pcre2 Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384. | 9.8 |
| 2016-12-13 | CVE-2016-6520 | Out-of-bounds Read vulnerability in Imagemagick Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology. | 9.1 |
| 2016-12-13 | CVE-2016-6491 | Out-of-bounds Read vulnerability in multiple products Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image. | 8.8 |
| 2016-12-13 | CVE-2016-5842 | Out-of-bounds Read vulnerability in multiple products MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. | 7.5 |
| 2016-12-13 | CVE-2016-5841 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. | 9.8 |
| 2016-12-13 | CVE-2016-5691 | Improper Input Validation vulnerability in multiple products The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. | 9.8 |
| 2016-12-13 | CVE-2016-5690 | NULL Pointer Dereference vulnerability in multiple products The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table. | 9.8 |