Skip to main content
CVE-2017-16797 HIGH This Week

In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Buffer Overflow Swftools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-16793 HIGH This Week

The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Swftools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-16796 HIGH This Week

In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Swftools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-16794 MEDIUM This Month

The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Swftools
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-16798 MEDIUM This Month

In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Cms Made Simple
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2017-16799 MEDIUM This Month

In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Cmsmadesimple
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy