Filtered by CWE-189
Filtered by vendor Subscriptions
Total 1224 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2007-2224 1 Microsoft 5 Office, Visual Basic, Windows 2000 and 2 more 2024-11-21 N/A
Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
CVE-2007-1865 1 Redhat 1 Enterprise Linux 2024-11-21 N/A
The ipv6_getsockopt_sticky function in the kernel in Red Hat Enterprise Linux (RHEL) Beta 5.1.0 allows local users to obtain sensitive information (kernel memory contents) via a negative value of the len parameter. NOTE: this issue has been disputed in a bug comment, stating that "len is ignored when copying header info to the user's buffer.
CVE-2007-1797 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2024-11-21 N/A
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
CVE-2007-1667 4 Canonical, Debian, Redhat and 1 more 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more 2024-11-21 N/A
Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
CVE-2007-1536 2 File, Redhat 2 File, Enterprise Linux 2024-11-21 N/A
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
CVE-2007-1466 2 Redhat, Sourceforge 2 Enterprise Linux, Wordperfect Document Importer-exporter 2024-11-21 N/A
Integer overflow in the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file, a different vulnerability than CVE-2007-0002.
CVE-2007-1383 1 Php 1 Php 2024-11-21 N/A
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.
CVE-2007-1351 7 Mandrakesoft, Openbsd, Redhat and 4 more 11 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall and 8 more 2024-11-21 N/A
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
CVE-2007-1270 1 Vmware 2 Esx, Esx Server 2024-11-21 N/A
Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.
CVE-2007-1218 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2024-11-21 N/A
Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.
CVE-2007-1001 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Application Stack 2024-11-21 N/A
Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.
CVE-2007-0714 2 Apple, Microsoft 3 Mac Os X, Quicktime, Windows 2024-11-21 N/A
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.
CVE-2007-0711 2 Apple, Microsoft 2 Quicktime, Windows 2024-11-21 N/A
Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.
CVE-2007-0229 2 Apple, Freebsd 3 Mac Os X, Mac Os X Server, Freebsd 2024-11-21 N/A
Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
CVE-2007-0071 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2024-11-21 N/A
Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.
CVE-2007-0062 1 Vmware 5 Ace, Player, Server and 2 more 2024-11-21 N/A
Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.
CVE-2007-0008 2 Mozilla, Redhat 5 Firefox, Network Security Services, Seamonkey and 2 more 2024-11-21 N/A
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.
CVE-2006-7252 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2024-11-21 N/A
Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte.
CVE-2006-7230 2 Pcre, Redhat 2 Pcre, Enterprise Linux 2024-11-21 N/A
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.
CVE-2006-7228 2 Pcre, Redhat 2 Pcre, Enterprise Linux 2024-11-21 N/A
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.