CWE:
 

Topic
Date
Author
High
Google SketchUp lib3ds 3DS Importer Memory Corruption
18.01.2010
CORE


CVEMAP Search Results

CVE
Details
Description
2018-06-04
Medium
CVE-2018-11710

Updating...
 

 
soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.

 
2018-05-30
Medium
CVE-2018-11556

Vendor: Littlecms
Software: Little cms
 

 
tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file.

 
Medium
CVE-2018-11555

Vendor: Littlecms
Software: Little cms
 

 
tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file.

 
2018-05-25
Medium
CVE-2018-6235

Vendor: Trendmicro
Software: Antivirus+
 

 
An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

 
2018-05-24
Medium
CVE-2018-5675

Vendor: Foxitsoftware
Software: Phantompdf
 

 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an out-of-bounds write on a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.

 
2018-05-19
High
CVE-2018-4918

Vendor: Adobe
Software: Acrobat 2017
 

 
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

 
High
CVE-2018-4935

Vendor: Adobe
Software: Flash player
 

 
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

 
High
CVE-2018-4937

Vendor: Adobe
Software: Flash player
 

 
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

 
2018-05-17
Medium
CVE-2018-10489

Vendor: Foxitsoftware
Software: Foxit reader
 

 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh Declaration structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5421.

 
Medium
CVE-2018-10473

Vendor: Foxitsoftware
Software: Foxit reader
 

 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D CLOD Base Mesh Continuation structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5392.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top