
3661 matches found

Prion
added 2017/04/12 2:59 p.m. · 15 views

Memory corruption

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 image compression module. Successful exploitation could lead to arbitrary code execution...

9.3 CVSS · 8 AI score · 0.03362 EPSS
Exploits 0 · References 3 · Affected Software 4
CVE
added 2017/04/12 2:00 p.m. · 83 views

CVE-2017-3040

CVE-2017-3040 affects Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, and 15.023.20070 and earlier. The vulnerability is a memory corruption flaw in the JBIG2 image compression module that could allow arbitrary code execution on successful exploitation. The provided d...

9.3 CVSS · 8.9 AI score · 0.03362 EPSS
Exploits 0 · References 3 · Affected Software 4
RedhatCVE
added 2017/04/12 11:48 a.m. · 19 views

CVE-2017-7609

elfcompress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file...

5.5 CVSS · 5.5 AI score · 0.01641 EPSS
Exploits 1 · References 1
n0where
added 2017/04/10 4:27 a.m. · 135 views

Automated Modular Cryptanalysis Tool: FeatherDuster

Automated Modular Cryptanalysis Tool FeatherDuster is a tool written by Daniel “unicornfurnace” Crowley of NCC Group for breaking crypto which tries to make the process of identifying and exploiting weak cryptosystems as easy as possible. Cryptanalib is the moving parts behind FeatherDuster, and...

7.1 AI score
Exploits 0 · References 1
OSV
added 2017/04/09 2:59 p.m. · 2 views

DEBIAN-CVE-2017-7609

elfcompress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file...

5.5 CVSS · 5.7 AI score · 0.01641 EPSS
Exploits 1 · References 1
UbuntuCve
added 2017/04/09 12:00 a.m. · 27 views

CVE-2017-7609

elfcompress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file...

5.5 CVSS · 6.4 AI score · 0.01641 EPSS
Exploits 1 · References 3
OSV
added 2017/04/09 12:00 a.m. · 1 views

UBUNTU-CVE-2017-7609

elfcompress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file...

5.5 CVSS · 6.3 AI score · 0.01641 EPSS
Exploits 1 · References 4
Positive Technologies
added 2017/04/09 12:00 a.m. · 4 views

PT-2017-17840 · Red Hat +3 · Elfutils +3

Name of the Vulnerable Software and Affected Versions: elfutils version 0.168. Description: The issue is related to the elfcompress.c file in elfutils, which does not validate the zlib compression factor. This allows remote attackers to cause a denial of service, specifically memory consumption, ...

9.8 CVSS · 5.8 AI score · 0.03691 EPSS
Exploits 18 · References 148
CVE
added 2017/04/05 11:00 p.m. · 38 views

CVE-2017-7448

CVE-2017-7448 affects Dropbox Lepton 1.2.1. The vulnerability is in the allocate_channel_framebuffer function (uncompressed_components.hh) and can be triggered by a malformed JPEG image, enabling a remote attacker to cause a denial of service (divide-by-zero error and application crash). The avai...

5.5 CVSS · 5.4 AI score · 0.01204 EPSS
Exploits 1 · References 3 · Affected Software 1
Veracode
added 2017/04/03 12:11 p.m. · 7 views

Denial Of Service (DoS)

ruby-saml is vulnerable to denial of service (DoS) attacks. These attacks are possible because attackers can compress huge XML and pass it to the SAML endpoint. The deflate function allows the attacker to achieve a 1000:1 compression ratio, which can be used to cause denial of service attacks...

6.4 AI score
Exploits 0
Debian
added 2017/04/01 7:52 p.m. · 15 views

[SECURITY] [DLA 881-1] ejabberd security update

Package: ejabberd. Version: 2.1.10-4+deb7u2. CVE ID: CVE-2014-8760. Debian Bug: 767521 767535. It was found that ejabberd does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption. For Debian 7 "Wheezy", this problem h...

5 CVSS · 5.7 AI score · 0.01314 EPSS
Exploits 0
myhack58
added 2017/03/25 12:00 a.m. · 74 views

Firefox integer overflow leading to an out-of-bounds write in an mmap region (vulnerability warning)

This article explores a very interesting vulnerability, CVE-2016-9066: a very simple but very interesting Firefox vulnerability that could lead to code execution. The code contains an integer overflow, which leads to an out-of-bounds write in an mmap region. There is an advantage of this...

0.2 AI score · 0.11485 EPSS
Exploits 3
OpenVAS
added 2017/03/24 12:00 a.m. · 34 views

Debian Security Advisory DSA 3817-1 (jbig2dec - security update)

Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened. OpenVAS Vulnerability Test $Id: deb3817.nasl 6607 2017-07-07 12:04:25Z...

0.3 AI score · 0.01836 EPSS
Exploits 0 · References 1
Fedora
added 2017/03/21 2:51 a.m. · 25 views

[SECURITY] Fedora 24 Update: jasper-1.900.13-3.fc24

This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats...

7.8 CVSS · 3.3 AI score · 0.01905 EPSS
Exploits 1
seebug.org
added 2017/03/20 12:00 a.m. · 75 views

Firefox Integer overflow leading to a buffer overflow in nsScriptLoadHandler (CVE-2016-9066)

This post will explore how CVE-2016-9066, a simple but quite interesting (from an exploitation perspective) vulnerability in Firefox, can be exploited to gain code execution. tl;dr: an integer overflow in the code responsible for loading script tags leads to an out-of-bounds write past the end of an...

9.6 AI score · 0.11485 EPSS
Exploits 3
n0where
added 2017/03/13 6:10 a.m. · 39 views

Network File System Monitor: nfstrace

Network File System Monitor NFS and CIFS tracing/monitoring/capturing/analyzing tool It performs live Ethernet 1 Gbps – 10 Gbps packets capturing and helps to determine NFS/CIFS procedures in raw network traffic. Furthermore, it performs filtration, dumping, compression, statistical analysis,...

2.3 AI score
Exploits 0 · References 2
OpenVAS
added 2017/03/09 12:00 a.m. · 1301 views

SSL/TLS: TLS/SPDY Protocol Information Disclosure Vulnerability (CRIME)

The TLS/SPDY protocols are prone to an information disclosure vulnerability...

2.6 CVSS · 6 AI score · 0.04266 EPSS
Exploits 2 · References 4
Fedora
added 2017/02/20 7:20 p.m. · 36 views

[SECURITY] Fedora 24 Update: mingw-wavpack-5.1.0-1.fc24

WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...

5.5 CVSS · 2.4 AI score · 0.02123 EPSS
Exploits 3
Fedora
added 2017/02/20 6:55 p.m. · 24 views

[SECURITY] Fedora 25 Update: mingw-wavpack-5.1.0-1.fc25

WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...

5.5 CVSS · 2.4 AI score · 0.02123 EPSS
Exploits 3
Kitploit
added 2017/02/19 1:42 p.m. · 169 views

Dr0p1t-Framework - A Framework That Creates An Advanced FUD Dropper With Some Tricks

Have you ever heard about trojan droppers? You can read about them from here. Dr0p1t lets you create a dropper like any tool, but this time FUD with some tricks. Features: Works with Windows and Linux; Adding malware after downloading it to startup; Adding malware after downloading it to task schedul...

7.2 AI score
Exploits 0 · References 1