Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-09-08 CVE-2017-14167 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.
local
low complexity
qemu debian CWE-190
8.8
2017-09-07 CVE-2017-6362 Double Free vulnerability in multiple products
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.
network
low complexity
libgd debian fedoraproject canonical CWE-415
7.5
2017-09-07 CVE-2017-14169 Improper Input Validation vulnerability in multiple products
In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided.
network
low complexity
ffmpeg debian CWE-20
8.8
2017-09-05 CVE-2017-2870 Integer Overflow or Wraparound vulnerability in multiple products
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang.
local
low complexity
gnome debian CWE-190
7.8
2017-09-05 CVE-2017-2862 Out-of-bounds Write vulnerability in multiple products
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6.
local
low complexity
gnome debian CWE-787
7.8
2017-09-05 CVE-2017-14152 Out-of-bounds Write vulnerability in multiple products
A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0.
network
low complexity
uclouvain debian CWE-787
8.8
2017-09-05 CVE-2017-14151 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0.
network
low complexity
uclouvain debian CWE-119
8.8
2017-09-05 CVE-2017-1000083 backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
local
low complexity
gnome debian redhat
7.8
2017-09-03 CVE-2017-14120 Path Traversal vulnerability in multiple products
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.
network
low complexity
rarlab debian CWE-22
7.5
2017-09-01 CVE-2017-12874 Improper Input Validation vulnerability in multiple products
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.
network
low complexity
simplesamlphp debian CWE-20
7.5