Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2017
CVE-2016-10165
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
CVSS Score
7.1
EPSS Score
0.009
Published
2017-02-03
CVE-2016-6500
Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning.
CVSS Score
8.1
EPSS Score
0.02
Published
2017-02-03
CVE-2016-3183
The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-02-03
CVE-2016-4796
Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-02-03
CVE-2016-4797
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-02-03
CVE-2016-6188
Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files.
CVSS Score
6.5
EPSS Score
0.015
Published
2017-02-03
CVE-2016-2317
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-02-03
CVE-2016-2318
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-02-03
CVE-2016-4352
Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-02-03
CVE-2016-4570
The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
CVSS Score
5.5
EPSS Score
0.008
Published
2017-02-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved