Samsung Galaxy S6 Edge Memory Corruption Vulnerability

Samsung Galaxy S6 Edge is a smartphone released by Samsung South Korea. A security vulnerability exists in the media scanning feature of the face recognition library in the android.media.process file in previous versions of the Samsung Galaxy S6 Edge G925VVRU4B0G9. A remote attacker can exploit...

CVE-2015-7897

The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service memory corruption via a crafted BMP image file...

Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash

Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash Source: https://code.google.com/p/google-security-research/issues/detail?id=497 Loading the bitmap bmpmemset.bmp can cause a crash due to a memset writing out of bounds. I/DEBUG 2961: pid: 12383, tid: 12549, name: thread-pool-1...

Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash

Source: https://code.google.com/p/google-security-research/issues/detail?id=497 Loading the bitmap bmpmemset.bmp can cause a crash due to a memset writing out of bounds. I/DEBUG 2961: pid: 12383, tid: 12549, name: thread-pool-1 com.sec.android.gallery3d I/DEBUG 2961: signal 11 SIGSEGV, code 2...

libwmf: heap overflow within the RLE decoding of embedded BMP images

It was discovered that libwmf did not correctly process certain WMF Windows Metafiles with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileg...

USN-2751-1 linux-lts-vivid vulnerabilities

Benjamin Randazzo discovered an information leak in the md multiple device driver when the bitmapinfo.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. CVE-2015-5697 Marc-André Lureau discovered that the vhost driver did not properly...

USN-2748-1 linux vulnerabilities

Benjamin Randazzo discovered an information leak in the md multiple device driver when the bitmapinfo.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. CVE-2015-5697 Marc-André Lureau discovered that the vhost driver did not properly...

Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)

Source: https://code.google.com/p/google-security-research/issues/detail?id=311 Bitmap object Use-after-Free 2 The attached PoC triggers a blue screen due to a use after free vulnerability. The crashes are unreliable, however you can use Special Pool in order to get reliable crashes. The crashes...

Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)

Source: https://code.google.com/p/google-security-research/issues/detail?id=293 Platform: Win7 32-bit. trigger.cpp should fire the issue, with two caveats: - PoC will NOT work if compiled as a debug build. - PoC will trigger the condition every time but the subsequent corruption might not cause a...

Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)

Microsoft Windows Kernel - Bitmap Handling Use-After-Free MS15-061 2 Source: https://code.google.com/p/google-security-research/issues/detail?id=311 Bitmap object Use-after-Free 2 The attached PoC triggers a blue screen due to a use after free vulnerability. The crashes are unreliable, however yo...

Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)

Microsoft Windows Kernel - Bitmap Handling Use-After-Free MS15-061 1 Source: https://code.google.com/p/google-security-research/issues/detail?id=293 Platform: Win7 32-bit. trigger.cpp should fire the issue, with two caveats: - PoC will NOT work if compiled as a debug build. - PoC will trigger the...

libXfont: out-of-bounds memory access in bdfReadCharacters

An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format BDF fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server...

libXfont: missing range check in bdfReadProperties

An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format BDF fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server...

libXfont: crash on invalid read in bdfReadCharacters

A NULL pointer dereference flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format BDF fonts. A malicious, local user could use this flaw to crash the X.Org server...

CVE-2015-5697

The getbitmapfile function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GETBITMAPFILE ioctl call...

DEBIAN-CVE-2015-5697

The getbitmapfile function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GETBITMAPFILE ioctl call...

Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88)

An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf...

UBUNTU-CVE-2015-5697

The getbitmapfile function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GETBITMAPFILE ioctl call...

USN-2722-1 gdk-pixbuf vulnerability

Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code...

Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88)

An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf...