Launchpad CVE tracker

Find CVEs by number or keywords:
Show all registered CVEs

Recently updated CVEs

CVE-2017-9098 (Candidate)
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.
Created on 2017-05-20 and modified 11 hours ago.

CVE-2017-9117 (Candidate)
In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.
Created on 2017-05-22 and modified 11 hours ago.

CVE-2017-9212 (Candidate)
The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name.
Created 11 hours ago and modified 11 hours ago.

CVE-2017-9213 (Candidate)
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Created 11 hours ago and modified 11 hours ago.

CVE-2017-9214 (Candidate)
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
Created 11 hours ago and modified 11 hours ago.

Launchpad includes full support for the CVE framework. We update the Launchpad CVE database daily to ensure it includes details of all known vulnerabilities.