Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-20 | CVE-2017-17806 | Out-of-bounds Write vulnerability in multiple products The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. | 7.8 |
| 2017-12-20 | CVE-2017-17805 | Improper Input Validation vulnerability in multiple products The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. | 7.8 |
| 2017-12-20 | CVE-2017-17789 | Out-of-bounds Write vulnerability in multiple products In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. | 7.8 |
| 2017-12-20 | CVE-2017-17788 | Out-of-bounds Read vulnerability in multiple products In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string. | 5.5 |
| 2017-12-20 | CVE-2017-17787 | Out-of-bounds Read vulnerability in multiple products In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c. | 7.8 |
| 2017-12-20 | CVE-2017-17786 | Out-of-bounds Read vulnerability in multiple products In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image. | 7.8 |
| 2017-12-20 | CVE-2017-17785 | Out-of-bounds Write vulnerability in multiple products In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c. | 7.8 |
| 2017-12-20 | CVE-2017-17784 | Out-of-bounds Read vulnerability in multiple products In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. | 7.8 |
| 2017-12-14 | CVE-2017-17682 | Resource Exhaustion vulnerability in multiple products In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call. | 6.5 |
| 2017-12-14 | CVE-2017-17681 | Infinite Loop vulnerability in multiple products In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. | 6.5 |