3659 matches found

RedHat Linux
added 2010/08/11 8:58 p.m., 2 views

wireshark: SigComp UDVM dissector buffer overruns

Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors...

CVSS 8.3, AI score 5.9, EPSS 0.00812
Exploits: 0, References: 4
securityvulns
added 2010/08/11 12:0 a.m., 53 views

ZDI-10-148: Microsoft Cinepak Codec CVDecompress Remote Code Execution Vulnerability

ZDI-10-148: Microsoft Cinepak Codec CVDecompress Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-148 August 10, 2010 -- CVE ID: CVE-2010-2553 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft File Format...

CVSS 9.3, AI score 0.8, EPSS 0.30895
Exploits: 5
Tenable Nessus
added 2010/07/30 12:0 a.m., 8 views

MDVA-2009:119-1 : yelp

The Yelp help browser shipped with Mandriva 2009 Spring was built without support for LZMA compression. As this is needed to view the compressed manual and GNU Info pages, LZMA support was enabled in this update. Update: On the previous yelp update we added a require on liblzmadec0 for i586 and...

AI score 6.9
Exploits: 0, References: 1
Tenable Nessus
added 2010/07/30 12:0 a.m., 18 views

MDVA-2009:119 : yelp

The Yelp help browser shipped with Mandriva 2009 Spring was built without support for LZMA compression. As this is needed to view the compressed manual and GNU Info pages, LZMA support was enabled in this update. This script has been deprecated as the associated...

AI score 6.9
Exploits: 0, References: 1
RedHat Linux
added 2010/07/14 5:46 p.m., 0 views

libpng: excessive memory consumption due to highly compressed huge ancillary chunk

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of...

CVSS 4.3, AI score 7.4, EPSS 0.04173
Exploits: 0, References: 4
RedHat Linux
added 2010/07/08 3:42 p.m., 3 views

libtiff: crash when reading image with not configured compression

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPE...

CVSS 4.3, AI score 5.9, EPSS 0.01986
Exploits: 1, References: 4
OSV
added 2010/07/02 12:43 p.m., 1 view

DEBIAN-CVE-2010-2598

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPE...

CVSS 4.3, AI score 6.3, EPSS 0.01986
Exploits: 1, References: 1
Prion
added 2010/07/02 12:43 p.m., 21 views

Input validation

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPE...

CVSS 4.3, AI score 6.8, EPSS 0.01986
Exploits: 1, References: 4, Affected Software: 1
UbuntuCve
added 2010/07/02 12:0 a.m., 29 views

CVE-2010-2598

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPE...

CVSS 4.3, AI score 6, EPSS 0.01986
Exploits: 1, References: 2
Fedora
added 2010/07/01 6:36 p.m., 39 views

[SECURITY] Fedora 13 Update: libpng-1.2.44-1.fc13

The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...

CVSS 9.8, AI score 1.6, EPSS 0.43382
Exploits: 7
Prion
added 2010/06/18 6:30 p.m., 18 views

Design/Logic Flaw

The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression...

CVSS 5, AI score 6.9, EPSS 0.01105
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2010/06/18 6:0 p.m., 22 views

CVE-2010-2328

The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression...

AI score 6.4, EPSS 0.01105
Exploits: 1, References: 2
OSV
added 2010/06/15 2:4 p.m., 2 views

DEBIAN-CVE-2010-2286

The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors...

CVSS 3.3, AI score 6.8, EPSS 0.01119
Exploits: 0, References: 1
Prion
added 2010/06/08 10:30 p.m., 11 views

Design/Logic Flaw

Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."...

CVSS 9.3, AI score 8, EPSS 0.21221
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2010/06/08 10:0 p.m., 27 views

CVE-2010-1879

Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability."...

AI score 7.4, EPSS 0.20284
Exploits: 1, References: 3
Cvelist
added 2010/06/08 10:0 p.m., 21 views

CVE-2010-1880

Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."...

AI score 7.4, EPSS 0.21221
Exploits: 1, References: 4
NVD
added 2010/05/14 7:30 p.m., 23 views

CVE-2010-1510

Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression...

CVSS 5, AI score 8.2, EPSS 0.04498
Exploits: 0, References: 8
Prion
added 2010/05/14 7:30 p.m., 15 views

Heap overflow

Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression...

CVSS 5, AI score 9, EPSS 0.04498
Exploits: 0, References: 8, Affected Software: 1
Cvelist
added 2010/05/14 7:24 p.m., 20 views

CVE-2010-1510

Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression...

AI score 8.2, EPSS 0.04498
Exploits: 0, References: 8
CVE
added 2010/05/14 7:24 p.m., 47 views

CVE-2010-1510

CVE-2010-1510 affects IrfanView prior to 4.27, where parsing PSD images with RLE compression can trigger a heap-based buffer overflow, leading to a possible crash or remote code execution. Public sources consistently describe this in IrfanView’s PSD RLE decompression path, with Secunia citing the...

CVSS 5, AI score 8.4, EPSS 0.04498
Exploits: 0, References: 8, Affected Software: 1