| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow. |
| Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow. |
| fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information. |
| Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote attackers to execute arbitrary code via a SIP message with crafted MIME data. |
| Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) Netscape plug-in (npiftw32.dll) for Macrovision (formerly InstallShield) InstallFromTheWeb allow remote attackers to execute arbitrary code via crafted HTML documents. |
| Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference. |
| Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in St. Bernard Open File Manager 9.5 allows remote attackers to execute arbitrary code via a long request. |
| Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889. |
| Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to execute arbitrary code via a crafted file that triggers memory corruption. |
| Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and possibly After Effects CS3, allows user-assisted remote attackers and physically proximate attackers to execute arbitrary code via a BMP file with an invalid image header. NOTE: the related issue in Photoshop CS3 is already covered by CVE-2007-2244. |
| Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP and SIP firmware might allow remote attackers to execute arbitrary code via a crafted DNS response. |
| Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205. |
| Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-2008-0623. |
| Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in Yahoo! Music Jukebox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddBitmap method. |
| Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors. |
| Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability." |
| Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048. |
| Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when downloaded before 20090713, have unspecified impact and remote attack vectors. |
| Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access." |
| Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151. |
