Search Results (45955 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0263 1 Nullsoft 1 Winamp 2026-04-23 N/A
Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.
CVE-2007-0776 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2026-04-23 N/A
Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.
CVE-2009-0262 1 Trilogic 1 Media Player 2026-04-23 N/A
Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information.
CVE-2007-5116 6 Debian, Larry Wall, Mandrakesoft and 3 more 12 Debian Linux, Perl, Mandrake Linux and 9 more 2026-04-23 N/A
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
CVE-2007-4675 2 Apple, Microsoft 4 Mac Os X, Quicktime, Windows Vista and 1 more 2026-04-23 N/A
Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.
CVE-2007-6228 1 Yahoo 1 Toolbar 2026-04-23 N/A
Stack-based buffer overflow in the Helper class in the yt.ythelper.2 ActiveX control in Yahoo! Toolbar 1.4.1 allows remote attackers to cause a denial of service (browser crash) via a long argument to the c method.
CVE-2007-5422 1 Sun 1 Sunos 2026-04-23 N/A
Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors.
CVE-2007-5416 1 Drupal 1 Drupal 2026-04-23 N/A
Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to the default URI, as demonstrated by the _menu[callbacks][1][callback] parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Drupal.
CVE-2007-5080 1 Realnetworks 3 Realone Player, Realplayer, Realplayer Enterprise 2026-04-23 N/A
Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.
CVE-2007-5378 2 Redhat, Tcl Tk 2 Enterprise Linux, Tk Toolkit 2026-04-23 N/A
Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.
CVE-2007-5082 1 Broadcom 1 Brightstor Hierarchical Storage Manager 2026-04-23 N/A
Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter.
CVE-2009-1194 2 Pango, Redhat 2 Pango, Enterprise Linux 2026-04-23 N/A
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.
CVE-2009-1586 1 Shemes 1 Grabit 2026-04-23 N/A
Stack-based buffer overflow in the NZB importer feature in GrabIt 1.7.2 Beta 3 and earlier allows remote attackers to execute arbitrary code via a crafted DTD reference in a DOCTYPE element in an NZB file.
CVE-2009-1442 1 Google 1 Chrome 2026-04-23 N/A
Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.
CVE-2009-1605 1 Sumatrapdfreader 1 Sumatrapdf 2026-04-23 5.4 Medium
Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details are obtained from third party information.
CVE-2006-7221 1 Fsp 1 C Library 2026-04-23 7.5 High
Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the (1) name and (2) d_name entry attributes.
CVE-2009-1606 1 Dafolo 1 Dafolocontrol 2026-04-23 N/A
Multiple stack-based and heap-based buffer overflows in Dafolo DafoloControl ActiveX control (DafoloFFControl.dll) 1.108.6.195 allow remote attackers to execute arbitrary code via long (1) baseurl, (2) kommune, (3) felter, (4) afdeling, (5) Flags, (6) HelpURL, (7) caburl, or (8) filename properties; or (9) a long argument to the Open method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1490 1 Sendmail 1 Sendmail 2026-04-23 N/A
Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.
CVE-2009-1720 1 Openexr 1 Openexr 2026-04-23 N/A
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information.
CVE-2009-1726 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.