Vulnerabilities > Out-of-bounds Read
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-27 | CVE-2017-5054 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page. | 8.8 |
| 2017-10-27 | CVE-2017-5053 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf. | 9.6 |
| 2017-10-26 | CVE-2017-15922 | Out-of-bounds Read vulnerability in GNU Libextractor 1.4 In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c. | 4.3 |
| 2017-10-24 | CVE-2017-12618 | Out-of-bounds Read vulnerability in Apache Portable Runtime Utility Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. | 1.9 |
| 2017-10-24 | CVE-2017-12613 | Out-of-bounds Read vulnerability in multiple products When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. | 7.1 |
| 2017-10-22 | CVE-2017-15722 | Out-of-bounds Read vulnerability in multiple products In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. | 4.3 |
| 2017-10-22 | CVE-2017-15228 | Out-of-bounds Read vulnerability in Irssi Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string. | 5.0 |
| 2017-10-16 | CVE-2017-15368 | Out-of-bounds Read vulnerability in Radare Radare2 2.0.0 The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call. | 6.8 |
| 2017-10-11 | CVE-2017-13722 | Out-of-bounds Read vulnerability in X.Org Libxfont 2.0.0/2.0.1 In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. | 3.6 |
| 2017-10-11 | CVE-2017-13720 | Out-of-bounds Read vulnerability in X.Org Libxfont 2.0.0/2.0.1 In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). | 3.6 |