CVE-2017-8361: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.
CVE-2017-8362: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service via a crafted audio file.
...
Mozilla Network Security Services before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect base64 operations.
The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service via a crafted RSA signature. Fixed In Version: strongswan 5.6.0
A non-privileged X client can instruct an X server running as root to open any file by creating its own directory in which "fonts.dir", "fonts.alias" or any font file is a symbolic link to any other file on the system. The X server will then open it. This can be an issue with special files such as /dev/watchdog. Fixed In Version: libXfont 1.5.4, libXfont2 2.0.3
CVE-2017-9611: The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
In Exim 4.90 and earlier, there is a buffer overflow in a utility function, if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible.
CVE-2017-7826: Memory safety bugs
CVE-2017-7828: Use-after-free of PresShell while restyling layout
CVE-2017-7830: Cross-origin URL information leak through Resource Timing API
Fixed In: Firefox ESR 52.5