Vulnerabilities > Out-of-bounds Read

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-10982 Out-of-bounds Read vulnerability in Freeradius
An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service.
network
low complexity
freeradius CWE-125
7.5
2017-07-17 CVE-2017-11367 Out-of-bounds Read vulnerability in Shoco Project Shoco 20170717
The shoco_decompress function in the API in shoco through 2017-07-17 allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data.
network
low complexity
shoco-project CWE-125
7.5
2017-07-17 CVE-2017-9814 Out-of-bounds Read vulnerability in multiple products
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
network
low complexity
cairographics opensuse CWE-125
7.5
2017-07-17 CVE-2017-11341 Out-of-bounds Read vulnerability in Libsass 3.4.5
There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5.
network
low complexity
libsass CWE-125
7.5
2017-07-17 CVE-2017-11336 Out-of-bounds Read vulnerability in Exiv2 0.26
There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26.
network
low complexity
exiv2 CWE-125
6.5
2017-07-10 CVE-2017-11147 Out-of-bounds Read vulnerability in multiple products
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
network
low complexity
php netapp CWE-125
critical
9.1
2017-07-10 CVE-2017-11126 Out-of-bounds Read vulnerability in Mpg123
The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870.
local
low complexity
mpg123 CWE-125
5.5
2017-07-08 CVE-2017-11108 Out-of-bounds Read vulnerability in Tcpdump 4.9.0
tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data.
network
low complexity
tcpdump CWE-125
7.5
2017-07-07 CVE-2017-10995 Out-of-bounds Read vulnerability in Imagemagick 7.0.60
The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.
local
low complexity
imagemagick CWE-125
5.5
2017-07-07 CVE-2017-10989 Out-of-bounds Read vulnerability in Sqlite
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
network
low complexity
sqlite CWE-125
critical
9.8