Search Results (9035 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-10959 1 Foxitsoftware 1 Foxit Reader 2025-04-20 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setAction method of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4981.
CVE-2017-10957 1 Foxitsoftware 1 Foxit Reader 2025-04-20 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the arrowEnd attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4979.
CVE-2017-16586 1 Foxitsoftware 1 Foxit Reader 2025-04-20 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5295.
CVE-2017-3035 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-20 N/A
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture (XFA) engine. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3073 6 Adobe, Apple, Google and 3 more 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more 2025-04-20 8.8 High
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.
CVE-2017-7364 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition.
CVE-2017-3027 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-20 N/A
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XFA module, related to the choiceList element. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2922 1 Cesanta 1 Mongoose 2025-04-20 9.8 Critical
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability.
CVE-2017-16575 1 Foxitsoftware 1 Foxit Reader 2025-04-20 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA's bind element. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5091.
CVE-2017-14857 1 Exiv2 1 Exiv2 2025-04-20 N/A
In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack.
CVE-2015-7700 1 Pngcrush Project 1 Pngcrush 2025-04-20 N/A
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors.
CVE-2017-12780 1 Matroska 3 Libebml2, Mkclean, Mkvalidator 2025-04-20 N/A
The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.
CVE-2017-5357 2 Fedoraproject, Gnu 2 Fedora, Ed 2025-04-20 N/A
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.
CVE-2017-3057 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-20 N/A
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaboration functionality. Successful exploitation could lead to arbitrary code execution.
CVE-2017-16527 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2025-04-20 6.6 Medium
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-7191 1 Irssi 1 Irssi 2025-04-20 N/A
The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors.
CVE-2017-2636 3 Debian, Linux, Redhat 9 Debian Linux, Linux Kernel, Enterprise Linux and 6 more 2025-04-20 7.0 High
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.
CVE-2017-7393 2 Redhat, Tigervnc 2 Enterprise Linux, Tigervnc 2025-04-20 N/A
In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.
CVE-2017-15364 1 Ccsv Project 1 Ccsv 2025-04-20 N/A
The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0.
CVE-2017-2823 1 Poweriso 1 Poweriso 2025-04-20 7.8 High
A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerability.