python security and bug fix update

2.7.5-58.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-58 - Set stream to None in case an open fails. Resolves: rhbz1432003 2.7.5-57 - Fix implicit declaration warnings of functions added by patches 147 and 265 Resolves: rhbz1441237 2.7.5-56 - Fix shutil.makearchive...

OpenCV Buffer Overflow Vulnerability (CNVD-2017-24177)

OpenCV is an open source, cross-platform, lightweight computer vision library. A buffer overflow vulnerability exists in the 'cv::BmpDecoder::readData' function in the modules/imgcodecs/src/grfmtbmp.cpp file in OpenCV 3.3 and earlier. An attacker could use this vulnerability to cause a denial of...

DEBIAN-CVE-2017-12429

In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service...

libmad 'mad_decoder_run' function denial of service vulnerability

libmad is an open source MPEG audio decoding library that provides 24-bit PCM output for platforms without floating point support. A security vulnerability exists in the 'maddecoderrun' function of the decoder.c file in libmad version 0.15.1b. A remote attacker can exploit this vulnerability to...

gstreamer: Invalid memory read in g_type_check_instance_is_fundamentally_a

The gstdecodechainfreeinternal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service invalid memory read and crash via an invalid file, which triggers an incorrect unref call...

libmad 0.15.1b - mp3 Memory Corruption

libmad 0.15.1b - mp3 Memory Corruption libmad memory corruption vulnerability ================ Author : qflb.wu =============== Introduction: ============= libmad is a high-quality MPEG audio decoder capable of 24-bit output. Affected version: ===== 0.15.1b Vulnerability Description:...

libmad 0.15.1b - 'mp3' Memory Corruption

libmad memory corruption vulnerability ================ Author : qflb.wu =============== Introduction: ============= libmad is a high-quality MPEG audio decoder capable of 24-bit output. Affected version: ===== 0.15.1b Vulnerability Description: ========================== the maddecoderrun functi...

libmad 0.15.1b - mp3 Memory Corruption Exploit

Exploit for linux platform in category dos / poc libmad memory corruption vulnerability ================ Author : qflb.wu =============== Introduction: ============= libmad is a high-quality MPEG audio decoder capable of 24-bit output. Affected version: ===== 0.15.1b Vulnerability Description:...

CVE-2017-0719

A remote code execution vulnerability in the Android media framework mpeg2 decoder. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273673...

MGASA-2017-0227 Updated gdk-pixbuf2.0 packages fix security vulnerability

The gdk-pixbuf2.0 package has been updated to version 2.36.7, which fixes integer overflows in the ico, bmp, and tiff decoder, as well as fixing other bugs...

UBUNTU-CVE-2017-11399

Integer overflow in the apedecodeframe function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service out-of-array access and application crash or possibly have unspecified other impact via a crafted APE file...

Updated jbig2dec packages fix security vulnerability

Multiple security issues have been found in the JBIG2 decoder library, which may lead to lead to denial of service or the execution of arbitrary code if a malformed image file usually embedded in a PDF document is opened CVE-2016-9601. Artifex jbig2dec has a heap-based buffer over-read leading to...

MGASA-2017-0206 Updated jbig2dec packages fix security vulnerability

Multiple security issues have been found in the JBIG2 decoder library, which may lead to lead to denial of service or the execution of arbitrary code if a malformed image file usually embedded in a PDF document is opened CVE-2016-9601. Artifex jbig2dec has a heap-based buffer over-read leading to...

openSUSE Security Update : GraphicsMagick (openSUSE-2017-781)

This update for GraphicsMagick fixes the following issues : - CVE-2017-8350: an additional fix for a denial of service memory leak in the JNG decoder was done. boo1036985 c13-c21 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Interactive Security Reference Tool: BroSec

Interactive Security Reference Tool An interactive reference tool to help security professionals utilize useful payloads and commands Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful yet sometimes complex payloads and commands that are often...

Freeware Advanced Audio Decoder mp4ff_read_ctts Denial of Service Vulnerability

Freeware Advanced Audio Decoder is advanced audio encoder. Freeware Advanced Audio Decoder 2 FAAD2 version 2.7, a security vulnerability exists in the common/mp4ff/mp4atom.c/mp4ffreadctts function, which can be exploited by remote attackers to cause a denial of service vulnerability via a...

Freeware Advanced Audio mp4ff_read_stsd Denial of Service Vulnerability

Freeware Advanced Audio Decoder is advanced audio encoder. Freeware Advanced Audio Decoder 2 FAAD2 version 2.7, a security vulnerability exists in the common/mp4ff/mp4atom.c/mp4ffreadstsd function, which can be exploited by remote attackers to cause a denial of service vulnerability via a...

Freeware Advanced Audio mp4ff_read_stts Denial of Service Vulnerability

Freeware Advanced Audio Decoder is advanced audio encoder. Freeware Advanced Audio Decoder 2 FAAD2 version 2.7, a security vulnerability exists in the common/mp4ff/mp4atom.c/mp4ffreadstts function, which can be exploited by remote attackers to cause a denial of service vulnerability via a...

Freeware Advanced Audio mp4ff_read_stsc Denial of Service Vulnerability

Freeware Advanced Audio Decoder is advanced audio encoder. Freeware Advanced Audio Decoder 2 FAAD2 version 2.7, a security vulnerability exists in the common/mp4ff/mp4atom.c/mp4ffreadstsc function, which can be exploited by remote attackers to cause a denial of service vulnerability via a...

Freeware Advanced Audio mp4ff_read_stts Denial of Service Vulnerability

Freeware Advanced Audio Decoder is advanced audio encoder. Freeware Advanced Audio Decoder 2 FAAD2 version 2.7, a security vulnerability exists in the common/mp4ff/mp4atom.c/mp4ffreadstts function, which can be exploited by remote attackers to cause a denial of service vulnerability via a...