Monthly Archive: April 2017

CVE-2017-8378

Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size....

CVE-2017-8374

The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. Date published : 2017-04-30...

CVE-2017-8373

The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted...

CVE-2017-8372

The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file. Date...

CVE-2017-8371

Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. Date published : 2017-04-30 http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-343-01 http://www.datacenterdynamics.com/content-tracks/security-risk/schneider-patches-critical-vulnerability-in-struxureware-dcim/97738.fullarticle

CVE-2017-8367

Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB...

CVE-2017-8366

The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted filter that...

CVE-2017-8365

The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. Date published : 2017-04-30 https://security.gentoo.org/glsa/201811-23 libsndfile: global...

CVE-2017-8364

The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive. Date...

CVE-2017-8363

The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. Date published : 2017-04-30 https://security.gentoo.org/glsa/201811-23 libsndfile:...

CVE-2017-8362

The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. Date published : 2017-04-30 https://security.gentoo.org/glsa/201811-23 libsndfile: invalid...