Vulnerabilities > Out-of-bounds Read

DATE CVE VULNERABILITY TITLE RISK
2016-08-12 CVE-2016-6132 Out-of-bounds Read vulnerability in multiple products
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
4.3
2016-08-07 CVE-2016-2064 Out-of-bounds Read vulnerability in Linux Kernel
sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted application that makes an ioctl call specifying many commands.
local
linux CWE-125
6.9
2016-08-07 CVE-2016-5352 Out-of-bounds Read vulnerability in Wireshark
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
network
wireshark CWE-125
4.3
2016-08-07 CVE-2016-5093 Out-of-bounds Read vulnerability in PHP
The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.
network
low complexity
php CWE-125
7.5
2016-08-07 CVE-2013-7456 Out-of-bounds Read vulnerability in Libgd 2.1.0
gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.
network
libgd php CWE-125
6.8
2016-08-06 CVE-2016-3855 Out-of-bounds Read vulnerability in Google Android
drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR990824.
network
google CWE-125
6.8
2016-08-06 CVE-2016-3854 Out-of-bounds Read vulnerability in Google Android
drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR897326.
network
google CWE-125
6.8
2016-08-05 CVE-2016-1513 Out-of-bounds Read vulnerability in Apache Openoffice
The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file.
network
apache CWE-125
6.8
2016-08-01 CVE-2016-2180 Out-of-bounds Read vulnerability in multiple products
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.
network
low complexity
openssl oracle CWE-125
7.5
2016-07-25 CVE-2016-6294 Out-of-bounds Read vulnerability in PHP
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.
network
low complexity
php CWE-125
critical
9.8