CWE-20

AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values.

phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a “local file include vulnerability.”

The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow.

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface’s PHP scripts.

FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942.

Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values.