Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2017-03-07 CVE-2016-5315 Out-of-bounds Read vulnerability in multiple products
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
local
low complexity
libtiff debian CWE-125
5.5
5.5
2017-03-07 CVE-2013-5653 Information Exposure vulnerability in multiple products
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
local
low complexity
artifex debian CWE-200
5.5
5.5
2017-03-06 CVE-2016-10244 Out-of-bounds Read vulnerability in multiple products
The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.
local
low complexity
freetype debian CWE-125
7.8
7.8
2017-03-06 CVE-2017-6500 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in ImageMagick 6.9.7.
local
low complexity
imagemagick debian CWE-125
5.5
5.5
2017-03-06 CVE-2017-6499 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An issue was discovered in Magick++ in ImageMagick 6.9.7.
local
low complexity
imagemagick debian CWE-772
5.5
5.5
2017-03-06 CVE-2017-6498 Improper Input Validation vulnerability in multiple products
An issue was discovered in ImageMagick 6.9.7.
local
low complexity
imagemagick debian CWE-20
5.5
5.5
2017-03-04 CVE-2017-6474 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file.
network
low complexity
wireshark debian CWE-835
7.5
7.5
2017-03-04 CVE-2017-6473 Improper Input Validation vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file.
network
low complexity
wireshark debian CWE-20
7.5
7.5
2017-03-04 CVE-2017-6472 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark debian CWE-835
7.5
7.5
2017-03-04 CVE-2017-6471 Improper Input Validation vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark debian CWE-20
7.5
7.5