CyberSecurityBoard
Sponsor Register Login

CVE-2023-3745

A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.

Publication date: Mon, 24 Jul 2023 21:15:00 +0000


Cyber News related to CVE-2023-3745

CVE-2018-3742 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3745. Reason: This candidate is a reservation duplicate of CVE-2018-3745. Notes: All CVE users should reference CVE-2018-3745 instead of this candidate. All references and ...
1 year ago
Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
1 year ago Cisa.gov CVE-2023-48842 CVE-2023-43089 CVE-2023-39226 CVE-2023-46690 CVE-2023-47207 CVE-2023-46886 CVE-2023-48882 CVE-2023-49656 CVE-2023-28896 CVE-2023-48016 CVE-2023-49092 CVE-2023-2266 CVE-2023-2267 CVE-2023-31177 CVE-2023-34388 CVE-2023-34389 CVE-2023-48848 CVE-2023-4398
CVE-2006-4535 - The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for ...
1 year ago
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
10 months ago Tenable.com
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
1 year ago Microsoft.com
CVE-2023-3745 - A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and ...
1 year ago
CVE-2024-27070 - In the Linux kernel, the following vulnerability has been resolved: ...
11 months ago
CVE-2024-3745 - MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user. ...
11 months ago
CVE-2021-3745 - flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type ...
3 years ago
CVE-2020-3745 - Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution ...
3 years ago
CVE-2011-3745 - HycusCMS 1.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/hycus_template/template.php. ...
13 years ago
CVE-2016-3745 - Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated ...
8 years ago
CVE-2017-3745 - In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, ...
7 years ago
CVE-2007-3745 - The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code. ...
7 years ago
CVE-2008-3745 - The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors. ...
7 years ago
CVE-2009-3745 - Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string. ...
7 years ago
CVE-2012-3745 - Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message. ...
7 years ago
CVE-2013-3745 - Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc. ...
7 years ago
CVE-2006-3745 - Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown ...
6 years ago
CVE-2015-3745 - WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web ...
6 years ago
CVE-2019-3745 - The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an ...
5 years ago
CVE-2005-3745 - Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler ...
4 years ago
CVE-2018-3745 - atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below. ...
1 year ago
CVE-2022-3745 - A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI. ...
1 year ago
Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
1 year ago Securelist.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)