Search Results (46471 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-28570 1 Freeimage Project 1 Freeimage 2025-03-28 5.5 Medium
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format.
CVE-2024-28571 1 Freeimage Project 1 Freeimage 2025-03-28 5.5 Medium
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format.
CVE-2024-28572 1 Freeimage Project 1 Freeimage 2025-03-28 6.2 Medium
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format.
CVE-2024-28573 1 Freeimage Project 1 Freeimage 2025-03-28 6.2 Medium
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format.
CVE-2024-28574 1 Freeimage Project 1 Freeimage 2025-03-28 6.2 Medium
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format.
CVE-2024-28575 1 Freeimage Project 1 Freeimage 2025-03-28 8.4 High
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format.
CVE-2024-28576 1 Freeimage Project 1 Freeimage 2025-03-28 5.5 Medium
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format.
CVE-2024-28578 1 Freeimage Project 1 Freeimage 2025-03-28 8.4 High
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format.
CVE-2024-28579 1 Freeimage Project 1 Freeimage 2025-03-28 6.2 Medium
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format.
CVE-2024-28580 1 Freeimage Project 1 Freeimage 2025-03-28 8.4 High
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format.
CVE-2024-28581 1 Freeimage Project 1 Freeimage 2025-03-28 8.4 High
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format.
CVE-2024-28582 1 Freeimage Project 1 Freeimage 2025-03-28 8.4 High
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format.
CVE-2024-28583 1 Freeimage Project 1 Freeimage 2025-03-28 7.8 High
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format.
CVE-2025-0190 1 Aimstack 1 Aim 2025-03-28 7.5 High
In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these objects. This vulnerability can be exploited repeatedly, leading to a complete denial of service.
CVE-2022-48303 3 Fedoraproject, Gnu, Redhat 4 Fedora, Tar, Enterprise Linux and 1 more 2025-03-27 5.5 Medium
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
CVE-2024-1550 3 Debian, Mozilla, Redhat 8 Debian Linux, Firefox, Thunderbird and 5 more 2025-03-27 6.1 Medium
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
CVE-2022-42403 1 Pdf-xchange 1 Pdf-xchange Editor 2025-03-27 7.8 High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18892.
CVE-2024-32894 1 Google 1 Android 2025-03-27 7.5 High
In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2022-47035 1 Dlink 2 Dir-825, Dir-825 Firmware 2025-03-27 9.8 Critical
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.
CVE-2022-34888 1 Lenovo 196 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 193 more 2025-03-27 2.7 Low
The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect.