In ncurses-bin 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service in ReadMATImage if the size specified for a MAT Object is larger than the actual amount of data.
In lrzip 0.631, a stack buffer overflow was found in the function get_file info in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional , which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.
Integer overflow in the index.c:read_entry function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service via a crafted repository index file.
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.
The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted object.