216 matches found
CVE-2016-3074
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow...
libgd gd2 Data Denial of Service Vulnerability
libgd is an open source library for dynamically creating images, which supports the creation of charts, graphs, thumbnails and more. A security vulnerability exists in libgd that allows remote attackers to conduct denial-of-service attacks on applications that can utilize compressed gd2 data...
Google Chrome ProcessCommandsInternal Function Denial of Service Vulnerability
Google Chrome is a web browsing tool developed by Google. A denial of service vulnerability exists in the function ProcessCommandsInternal in dec/decode.c within Brotli in versions of Google Chrome prior to 48.0.2564.109, which can cause a denial of service by a remote attacker with data compress...
Libnsgif 0.1.2 Stack Overflow / Out-Of-Bounds Read Exploit
Libnsgif version 0.1.2 suffers from stack overflow and out-of-bounds read vulnerabilities. Overview: Libnsgif is a decoding library for GIF images. It is primarily developed and used as part of the NetSurf project. As of version 0.1.2, libnsgif is vulnerable to a stack overflow...
UBUNTU-CVE-2015-2716
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283...
DLA-51-1 gnupg2 - security update
Bulletin has no description...
libav LZO Integer Overflow (CVE-2014-4609)
A code execution vulnerability exists in the libav library. The vulnerability is due to an integer overflow while processing literal runs in the LZO compressed data. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to open a crafted file with an...
FreeBSD : gnupg -- possible DoS using garbled compressed data packets (1c840eb9-fb32-11e3-866e-b499baab0cbe)
Werner Koch reports: This release includes a security fix to stop a possible DoS using garbled compressed data packets which can be used to put gpg into an infinite loop.
CVE-2012-4929
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...
CVE-2010-4666
Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data...
Buffer overflow
Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data...
CVE-2010-4666
CVE-2010-4666 : A buffer overflow in the libarchive library (3.0 pre-release) allows remote attackers to crash the application or cause other impact via a crafted CAB file, due to improper handling of Huffman code data in LZX data. Documented across multiple sources: Red Hat RHSA-2011:1507-01 and...
Oracle Java Soundbank Decompression Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java parses...
[ MDVSA-2011:105 ] wireshark
Mandriva Linux Security Advisory MDVSA-2011:105 (http://www.mandriva.com/security/). Package: wireshark. Date: June 1, 2011. Affected: 2010.1, Corporate 4.0, Enterprise Server 5.0. Problem Description: This advisory updates wireshark to the latest version...
CVE-2011-0015
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor...
Null pointer dereference
The gstype2interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043...
CVE-2010-4054
The gstype2interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043...