2481 matches found

Mozilla
added 2012/08/28 12:0 a.m., 66 views

Memory corruption with bitmap format images with negative height — Mozilla

Security researcher Frédéric Hoguin reported two related issues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO) format files. When processing a negative "height" header value for the bitmap image, a memory corruption can be induced, allowing an attacker to write random memory...

CVSS 10 | AI score 1.1 | EPSS 0.03664
Exploits 0 | References 3 | Affected Software 5

OSV
added 2012/08/13 8:55 p.m., 1 views

DEBIAN-CVE-2012-2370

Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow...

CVSS 5 | AI score 6.4 | EPSS 0.02266
Exploits 1 | References 1

Tenable Nessus
added 2012/08/01 12:0 a.m., 40 views

Scientific Linux Security Update : gd on SL4.x, SL5.x i386/x86_64

Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the...

CVSS 7.5 | AI score 7.2 | EPSS 0.1443
Exploits 1 | References 8

Tenable Nessus
added 2012/08/01 12:0 a.m., 36 views

Scientific Linux Security Update : gimp on SL5.x i386/x86_64

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer eXchange (PCX) image file plug-ins. An attacker could create a specially...

CVSS 9.3 | AI score 6.4 | EPSS 0.22756
Exploits 4 | References 7

OpenVAS
added 2012/07/30 12:0 a.m., 17 views

CentOS Update for freetype CESA-2011:1402 centos5 x86_64

Check for the Version of freetype OpenVAS Vulnerability Test CentOS Update for freetype CESA-2011:1402 centos5 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

CVSS 4.3 | AI score 0.2 | EPSS 0.02974
Exploits 0 | References 2

OpenVAS
added 2012/07/30 12:0 a.m., 13 views

CentOS Update for freetype CESA-2011:1402 centos5 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 4.3 | AI score 5.2 | EPSS 0.02974
Exploits 0 | References 2

OpenVAS
added 2012/07/30 12:0 a.m., 37 views

CentOS Update for freetype CESA-2011:1402 centos4 x86_64

Check for the Version of freetype OpenVAS Vulnerability Test CentOS Update for freetype CESA-2011:1402 centos4 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

CVSS 4.3 | AI score 0.3 | EPSS 0.02974
Exploits 0 | References 2

OpenVAS
added 2012/07/30 12:0 a.m., 27 views

CentOS Update for freetype CESA-2011:1402 centos4 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 4.3 | AI score 5.2 | EPSS 0.02974
Exploits 0 | References 2

Oracle Linux
added 2012/06/27 12:0 a.m., 83 views

Oracle Linux 6 kernel security, bug fix and enhancement update

[2.6.32-279.el6] - [netdrv] mlx4: ignore old module parameters (Jay Fenlason) [830553] [2.6.32-278.el6] - [kernel] sysctl: silence warning about missing strategy for file-max at boot time (Jeff Layton) [803431] - [net] sunrpc: make new tcp_max_slot_table_entries sysctl use CTL_UNNUMBERED (Jeff Layton) [803431] - [drm] i915:...

CVSS 7.2 | AI score 8 | EPSS 0.00358
Exploits 10

RedHat Linux
added 2012/06/19 3:39 p.m., 3 views

kernel: nfs4_getfacl decoding kernel oops

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words...

CVSS 4.6 | AI score 6.7 | EPSS 0.00354
Exploits 0 | References 4

OSV
added 2012/06/13 10:24 a.m., 6 views

CVE-2012-2375

The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words in an...

AI score 7.5
Exploits 0 | References 8

OSV
added 2012/05/17 11:0 a.m., 0 views

DEBIAN-CVE-2011-4131

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words...

CVSS 4.6 | AI score 5.7 | EPSS 0.00354
Exploits 0 | References 1

OSV
added 2012/05/17 11:0 a.m., 10 views

CVE-2011-4131

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words...

AI score 7.4
Exploits 0 | References 11

UbuntuCve
added 2012/05/17 12:0 a.m., 37 views

CVE-2011-4131

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words...

CVSS 4.6 | AI score 6.8 | EPSS 0.00354
Exploits 0 | References 8

OSV
added 2012/05/17 12:0 a.m., 0 views

UBUNTU-CVE-2011-4131

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words...

CVSS 4.6 | AI score 6.7 | EPSS 0.00354
Exploits 0 | References 9

OSV
added 2012/04/25 10:10 a.m., 1 views

DEBIAN-CVE-2012-1137

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font...

CVSS 9.3 | AI score 7.3 | EPSS 0.02967
Exploits 0 | References 1

RedHat Linux
added 2012/04/10 7:54 p.m., 1 views

freetype: BDF parser _bdf_list_split() fails to properly initialize field array (#35658)

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font...

CVSS 9.3 | AI score 6.2 | EPSS 0.02967
Exploits 0 | References 4

RedHat Linux
added 2012/04/10 7:54 p.m., 2 views

freetype: data buffer underflow in BDF parser _bdf_parse_glyphs() (#35656)

Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font...

CVSS 9.3 | AI score 6.2 | EPSS 0.02967
Exploits 0 | References 4

UbuntuCve
added 2012/03/07 12:0 a.m., 19 views

CVE-2012-1136

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODI...

CVSS 9.3 | AI score 6 | EPSS 0.04956
Exploits 0 | References 2

UbuntuCve
added 2012/03/07 12:0 a.m., 19 views

CVE-2012-1127

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font...

CVSS 9.3 | AI score 6 | EPSS 0.02967
Exploits 0 | References 2