| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges. |
| All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges. |
| GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths. |
| XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e388." |
| XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls subsequent Write Address starting at Xfpx!gffGetFormatInfo+0x000000000002bfd5." |
| XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .bie file, related to a "Read Access Violation on Block Data Move starting at Xjbig+0x000000000000121b." |
| IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "Read Access Violation on Block Data Move starting at ntdll_77df0000!memcpy+0x0000000000000033." |
| gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering |
| IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpCompareResourceNames_U+0x0000000000000062." |
| Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. |
| Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function |
| Exiv2 0.26 contains a heap buffer overflow in tiff parser |
| curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`. |
| Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service |
| In SWFTools, an address access exception was found in swfdump swf_GetBits(). |
| In SWFTools, a memcpy buffer overflow was found in swfc. |
| In SWFTools, a memcpy buffer overflow was found in gif2swf. |
| In SWFTools, a stack overflow was found in pdf2swf. |
| In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF() |
| tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service |
