Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-28 | CVE-2017-9994 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. | 7.8 |
| 2017-06-28 | CVE-2017-9993 | Information Exposure vulnerability in multiple products FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data. | 7.5 |
| 2017-06-28 | CVE-2017-9992 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | 8.8 |
| 2017-06-28 | CVE-2017-9989 | NULL Pointer Dereference vulnerability in multiple products util/outputtxt.c in libming 0.4.8 mishandles memory allocation. | 6.5 |
| 2017-06-28 | CVE-2017-9988 | NULL Pointer Dereference vulnerability in multiple products The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. | 6.5 |
| 2017-06-26 | CVE-2017-9936 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. | 6.5 |
| 2017-06-26 | CVE-2017-9935 | Out-of-bounds Read vulnerability in multiple products In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. | 8.8 |
| 2017-06-26 | CVE-2017-9929 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file. | 5.5 |
| 2017-06-26 | CVE-2017-9928 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file. | 5.5 |
| 2017-06-25 | CVE-2017-9868 | Information Exposure vulnerability in multiple products In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. | 5.5 |