CVE-2017-5149

HIGH Year: 2017
CVSS v3 Score
8.9
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-476
View all →

Vulnerability Description

An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints.

Related Vulnerabilities

CVE-2016-3616

HIGH
CVSS:8.8(High)

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.

CWE-4762016

CVE-2017-0321

HIGH
CVSS:8.8(High)

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potent...

CWE-4762017

CVE-2017-11096

HIGH
CVSS:8.8(High)

When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c.

CWE-4762017

CVE-2017-11097

HIGH
CVSS:8.8(High)

When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.

CWE-4762017

CVE-2017-11100

HIGH
CVSS:8.8(High)

When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c.

CWE-4762017

CVE-2017-11101

HIGH
CVSS:8.8(High)

When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c.

CWE-4762017