Debian: >> Debian Linux >> 8.0 Security Vulnerabilities
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.
CVSS Score
8.8
EPSS Score
0.016
Published
2017-09-21
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
CVSS Score
8.1
EPSS Score
0.004
Published
2017-09-21
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
CVSS Score
8.1
EPSS Score
0.005
Published
2017-09-21
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
CVSS Score
6.5
EPSS Score
0.01
Published
2017-09-21
In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
CVSS Score
6.5
EPSS Score
0.012
Published
2017-09-21
node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).
CVSS Score
6.5
EPSS Score
0.013
Published
2017-09-20
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-09-20
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVSS Score
8.1
EPSS Score
0.017
Published
2017-09-20
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.
CVSS Score
6.5
EPSS Score
0.039
Published
2017-09-20
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
CVSS Score
7.5
EPSS Score
0.016
Published
2017-09-19