Vulnerabilities > Out-of-bounds Read

DATE CVE VULNERABILITY TITLE RISK
2016-01-12 CVE-2015-8397 Out-of-bounds Read vulnerability in Grassroots Dicom Project Grassroots Dicom
The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image file, which triggers an out-of-bounds read.
network
low complexity
grassroots-dicom-project CWE-125
6.4
2015-11-09 CVE-2015-2697 Out-of-bounds Read vulnerability in multiple products
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.
network
low complexity
mit oracle canonical debian opensuse suse CWE-125
4.0
2015-02-08 CVE-2014-9669 Out-of-bounds Read vulnerability in multiple products
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.
6.8
2015-02-08 CVE-2014-9658 Out-of-bounds Read vulnerability in multiple products
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
7.5
2015-02-08 CVE-2014-9657 Out-of-bounds Read vulnerability in multiple products
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
7.5
2014-11-10 CVE-2014-7825 Out-of-bounds Read vulnerability in Linux Kernel
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.
local
low complexity
linux CWE-125
7.8
2014-11-06 CVE-2014-8483 Out-Of-Bounds Read vulnerability in multiple products
The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.
network
low complexity
canonical debian quassel-irc opensuse CWE-125
5.0
2014-10-22 CVE-2014-3675 Out-Of-Bounds Read vulnerability in Redhat Shim
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
network
low complexity
redhat CWE-125
5.0
2014-07-20 CVE-2014-4341 Out-Of-Bounds Read vulnerability in multiple products
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
network
low complexity
mit redhat debian fedoraproject CWE-125
5.0
2014-04-30 CVE-2014-1522 Out-Of-Bounds Read vulnerability in multiple products
The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content.
9.3