Vulnerabilities > Out-of-bounds Read

DATE CVE VULNERABILITY TITLE RISK
2017-06-27 CVE-2017-9218 Out-of-bounds Read vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.7
The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
local
low complexity
audiocoding CWE-125
5.5
2017-06-26 CVE-2017-9955 Out-of-bounds Read vulnerability in GNU Binutils 2.28
The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.
local
low complexity
gnu CWE-125
5.5
2017-06-26 CVE-2017-9954 Out-of-bounds Read vulnerability in GNU Binutils 2.28
The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.
local
low complexity
gnu CWE-125
5.5
2017-06-26 CVE-2014-8127 Out-of-bounds Read vulnerability in multiple products
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
network
low complexity
libtiff opensuse CWE-125
6.5
2017-06-26 CVE-2017-9935 Out-of-bounds Read vulnerability in multiple products
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c.
network
low complexity
libtiff canonical debian CWE-125
8.8
2017-06-25 CVE-2017-9870 Out-of-bounds Read vulnerability in Lame Project Lame 3.99.5
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type == 2" case, a similar issue to CVE-2017-11126.
local
low complexity
lame-project CWE-125
5.5
2017-06-25 CVE-2017-9869 Out-of-bounds Read vulnerability in Lame Project Lame 3.99.5
The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.
local
low complexity
lame-project CWE-125
5.5
2017-06-25 CVE-2015-9099 Out-of-bounds Read vulnerability in Lame Project Lame 3.99.5
The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate.
local
low complexity
lame-project CWE-125
5.5
2017-06-25 CVE-2017-9865 Out-of-bounds Read vulnerability in multiple products
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.
local
low complexity
freedesktop debian CWE-125
5.5
2017-06-24 CVE-2017-9847 Out-of-bounds Read vulnerability in Libtorrent 1.1.3
The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
local
low complexity
libtorrent CWE-125
5.5