Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-02 CVE-2017-1000456 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
network
low complexity
freedesktop debian CWE-119
8.8
2018-01-02 CVE-2017-1000450 Integer Overflow or Wraparound vulnerability in multiple products
In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow.
network
low complexity
opencv debian CWE-190
8.8
2017-12-30 CVE-2017-17997 NULL Pointer Dereference vulnerability in multiple products
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes.
network
low complexity
wireshark debian CWE-476
7.5
2017-12-27 CVE-2017-17935 Out-of-bounds Read vulnerability in multiple products
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
network
low complexity
wireshark debian CWE-125
7.5
2017-12-27 CVE-2017-17915 Out-of-bounds Read vulnerability in multiple products
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.
network
low complexity
graphicsmagick debian CWE-125
8.8
2017-12-27 CVE-2017-17913 Out-of-bounds Read vulnerability in multiple products
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.
network
low complexity
graphicsmagick debian CWE-125
8.8
2017-12-27 CVE-2017-17912 Out-of-bounds Read vulnerability in multiple products
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.
network
low complexity
graphicsmagick debian CWE-125
8.8
2017-12-27 CVE-2017-17879 Out-of-bounds Read vulnerability in multiple products
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
network
low complexity
imagemagick debian canonical CWE-125
8.8
2017-12-27 CVE-2017-17866 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.
local
low complexity
artifex debian CWE-119
7.8
2017-12-27 CVE-2017-17863 Integer Overflow or Wraparound vulnerability in multiple products
kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact.
local
low complexity
linux debian CWE-190
7.8