Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-01 CVE-2017-5977 Out-of-bounds Read vulnerability in Zziplib Project Zziplib 0.13.62
The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file.
local
low complexity
zziplib-project CWE-125
5.5
5.5
2017-03-01 CVE-2017-5976 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
local
low complexity
zziplib-project debian CWE-787
5.5
5.5
2017-03-01 CVE-2017-5975 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
local
low complexity
zziplib-project debian CWE-787
5.5
5.5
2017-03-01 CVE-2017-5974 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
local
low complexity
zziplib-project debian CWE-119
5.5
5.5
2017-03-01 CVE-2017-5855 NULL Pointer Dereference vulnerability in Podofo Project Podofo 0.9.4
The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
local
low complexity
podofo-project CWE-476
5.5
5.5
2017-03-01 CVE-2017-5854 NULL Pointer Dereference vulnerability in Podofo Project Podofo 0.9.4
base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
local
low complexity
podofo-project CWE-476
5.5
5.5
2017-03-01 CVE-2017-5852 Infinite Loop vulnerability in Podofo Project Podofo 0.9.4
The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.
local
low complexity
podofo-project CWE-835
5.5
5.5
2017-03-01 CVE-2017-5851 NULL Pointer Dereference vulnerability in Mp3Splt Project Mp3Splt 2.6.2
The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
local
low complexity
mp3splt-project CWE-476
5.5
5.5
2017-03-01 CVE-2017-5666 Use After Free vulnerability in Mp3Splt Project Mp3Splt 2.6.2
The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file.
local
low complexity
mp3splt-project CWE-416
5.5
5.5
2017-03-01 CVE-2017-5665 NULL Pointer Dereference vulnerability in Libmp3Splt Project Libmp3Splt 0.9.2
The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
local
low complexity
libmp3splt-project CWE-476
5.5
5.5