Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-09 CVE-2017-7613 Improper Input Validation vulnerability in multiple products
elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-20
5.5
5.5
2017-04-09 CVE-2017-7612 Out-of-bounds Read vulnerability in multiple products
The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-125
5.5
5.5
2017-04-09 CVE-2017-7611 Out-of-bounds Read vulnerability in multiple products
The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-125
5.5
5.5
2017-04-09 CVE-2017-7610 Out-of-bounds Read vulnerability in multiple products
The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-125
5.5
5.5
2017-04-09 CVE-2017-7609 Improper Input Validation vulnerability in Elfutils Project Elfutils 0.168
elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
local
low complexity
elfutils-project CWE-20
5.5
5.5
2017-04-09 CVE-2017-7608 Out-of-bounds Read vulnerability in multiple products
The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-125
5.5
5.5
2017-04-09 CVE-2017-7607 Out-of-bounds Read vulnerability in Elfutils Project Elfutils 0.168
The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
elfutils-project CWE-125
5.5
5.5
2017-04-09 CVE-2017-7606 Improper Input Validation vulnerability in Imagemagick 7.0.54
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
network
low complexity
imagemagick CWE-20
6.5
6.5
2017-04-09 CVE-2017-7595 Divide By Zero vulnerability in Libtiff 4.0.7
The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
local
low complexity
libtiff CWE-369
5.5
5.5
2017-04-09 CVE-2017-7594 Missing Release of Resource after Effective Lifetime vulnerability in Libtiff 4.0.7
The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.
local
low complexity
libtiff CWE-772
5.5
5.5