Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-07 CVE-2017-9471 Out-of-bounds Read vulnerability in multiple products
In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
local
low complexity
ytnef-project canonical CWE-125
5.5
2017-06-02 CVE-2017-9404 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
network
low complexity
libtiff debian canonical CWE-772
6.5
2017-06-02 CVE-2017-9403 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
network
low complexity
libtiff debian canonical CWE-772
6.5
2017-06-01 CVE-2017-6512 Race Condition vulnerability in multiple products
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.
network
high complexity
file canonical debian CWE-362
5.9
2017-05-26 CVE-2017-9239 Divide By Zero vulnerability in multiple products
An issue was discovered in Exiv2 0.26.
network
low complexity
exiv2 canonical CWE-369
6.5
2017-05-23 CVE-2017-9210 Infinite Loop vulnerability in multiple products
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
local
low complexity
qpdf-project canonical CWE-835
5.5
2017-05-23 CVE-2017-9209 Infinite Loop vulnerability in multiple products
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
local
low complexity
qpdf-project canonical CWE-835
5.5
2017-05-23 CVE-2017-9208 Infinite Loop vulnerability in multiple products
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
local
low complexity
qpdf-project canonical CWE-835
5.5
2017-05-08 CVE-2017-8831 Out-of-bounds Read vulnerability in multiple products
The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability.
high complexity
linux canonical debian CWE-125
6.4
2017-04-09 CVE-2017-7613 Improper Input Validation vulnerability in multiple products
elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-20
5.5