Vulnerabilities > Debian > Debian Linux > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-07 | CVE-2017-14169 | Improper Input Validation vulnerability in multiple products. In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. | 8.8 |
2017-09-05 | CVE-2017-2870 | Integer Overflow or Wraparound vulnerability in multiple products. An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. | 7.8 |
2017-09-05 | CVE-2017-2862 | Out-of-bounds Write vulnerability in multiple products. An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. | 7.8 |
2017-09-05 | CVE-2017-14152 | Out-of-bounds Write vulnerability in multiple products. A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. | 8.8 |
2017-09-05 | CVE-2017-14151 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. | 8.8 |
2017-09-05 | CVE-2017-1000083 | backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. | 7.8 |
2017-09-03 | CVE-2017-14120 | Path Traversal vulnerability in multiple products. unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | 7.5 |
2017-09-01 | CVE-2017-12874 | Improper Input Validation vulnerability in multiple products. The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. | 7.5 |
2017-09-01 | CVE-2017-13711 | Use After Free vulnerability in multiple products. Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. | 7.5 |
2017-09-01 | CVE-2017-12869 | Improper Input Validation vulnerability in multiple products. The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input. | 7.5 |