Vulnerabilities > GNU
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-22 | CVE-2017-15804 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Glibc The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. | 9.8 |
| 2017-10-20 | CVE-2017-15671 | Missing Release of Resource after Effective Lifetime vulnerability in GNU Glibc The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). | 5.9 |
| 2017-10-20 | CVE-2017-15670 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Glibc The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. | 9.8 |
| 2017-10-18 | CVE-2017-15602 | Infinite Loop vulnerability in GNU Libextractor 1.4 In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size. | 7.5 |
| 2017-10-18 | CVE-2017-15601 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Libextractor 1.4 In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup. | 7.5 |
| 2017-10-18 | CVE-2017-15600 | NULL Pointer Dereference vulnerability in GNU Libextractor 1.4 In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. | 7.5 |
| 2017-10-18 | CVE-2011-5320 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Glibc scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s. | 6.2 |
| 2017-10-11 | CVE-2017-15267 | NULL Pointer Dereference vulnerability in GNU Libextractor 1.4 In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. | 7.5 |
| 2017-10-11 | CVE-2017-15266 | Divide By Zero vulnerability in GNU Libextractor 1.4 In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. | 5.5 |
| 2017-10-10 | CVE-2017-15225 | Missing Release of Resource after Effective Lifetime vulnerability in GNU Binutils 2.29 _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file. | 5.5 |