Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-11 | CVE-2017-7650 | Improper Authentication vulnerability in multiple products In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. | 4.0 |
| 2017-09-07 | CVE-2017-14173 | Infinite Loop vulnerability in multiple products In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. | 4.3 |
| 2017-09-07 | CVE-2017-14169 | Improper Input Validation vulnerability in multiple products In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. | 6.8 |
| 2017-09-06 | CVE-2017-14166 | Out-of-bounds Read vulnerability in multiple products libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. | 4.3 |
| 2017-09-05 | CVE-2017-2870 | Integer Overflow or Wraparound vulnerability in multiple products An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. | 6.8 |
| 2017-09-05 | CVE-2017-2862 | Out-of-bounds Write vulnerability in multiple products An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. | 6.8 |
| 2017-09-05 | CVE-2017-14152 | Out-of-bounds Write vulnerability in multiple products A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. | 6.8 |
| 2017-09-05 | CVE-2017-14151 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. | 6.8 |
| 2017-09-05 | CVE-2017-1000083 | backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. | 6.8 |
| 2017-09-04 | CVE-2017-14136 | Out-of-bounds Write vulnerability in multiple products OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. | 4.3 |