|
248471
|
7.8 |
HIGH
Local
|
libtiff
|
libtiff
|
tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application …
|
CWE-20
Improper Input Validation
|
CVE-2017-7597
|
2024-11-21 12:32 |
2017-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248472
|
7.8 |
HIGH
Local
|
libtiff
|
libtiff
|
LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibl…
|
CWE-20
Improper Input Validation
|
CVE-2017-7596
|
2024-11-21 12:32 |
2017-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248473
|
5.5 |
MEDIUM
Local
|
libtiff
|
libtiff
|
The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
|
CWE-369
Divide By Zero
|
CVE-2017-7595
|
2024-11-21 12:32 |
2017-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248474
|
5.5 |
MEDIUM
Local
|
libtiff
|
libtiff
|
The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-7594
|
2024-11-21 12:32 |
2017-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248475
|
5.5 |
MEDIUM
Local
|
libtiff
|
libtiff
|
tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7593
|
2024-11-21 12:32 |
2017-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248476
|
7.8 |
HIGH
Local
|
libtiff
|
libtiff
|
The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly…
|
CWE-20
Improper Input Validation
|
CVE-2017-7592
|
2024-11-21 12:32 |
2017-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248477
|
6.1 |
MEDIUM
Network
|
openidm_project
|
openidm
|
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/us…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7591
|
2024-11-21 12:32 |
2017-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248478
|
6.1 |
MEDIUM
Network
|
openidm_project
|
openidm
|
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7590
|
2024-11-21 12:32 |
2017-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248479
|
6.5 |
MEDIUM
Network
|
openidm_project
|
openidm
|
In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON obj…
|
CWE-200
Information Exposure
|
CVE-2017-7589
|
2024-11-21 12:32 |
2017-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248480
|
5.5 |
MEDIUM
Local
|
libsndfile_project
|
libsndfile
|
In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7586
|
2024-11-21 12:32 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
