CVE-2017-9098

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image da...

CVE-2017-9098

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image da...

CVE-2017-9098

CVE-2017-9098 affects ImageMagick prior to 7.0.5-2 and GraphicsMagick prior to 1.3.24. The vulnerability stems from uninitialized memory in the RLE decoder ReadRLEImage, caused by a missing initialization step in coders/rle.c. This can allow an attacker to leak sensitive process memory from a lon...

CVE-2017-9098

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image da...

UBUNTU-CVE-2017-9098

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image da...

Debian Security Advisory DSA 3855-1 (jbig2dec - security update)

Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service, disclosure of sensitive information from process memory or the execution of arbitrary code if a malformed image file usually embedded in a PDF document is opened. OpenVAS Vulnerability Test...

CVE-2017-6658

Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem...

CVE-2017-6658

Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem...

Buffer overflow

Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem...

CVE-2017-6657

Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which...

Cisco Snort++ Protocol Decoder Denial of Service Vulnerabilities

Two vulnerabilities in the protocol decoders of Snort++ Snort 3 could allow an unauthenticated, remote attacker to create a Denial of Service DoS condition. The vulnerabilities are due to lack of validation in the protocol decoders. An attacker could exploit these vulnerabilities by crafting a...

MsMpEng: UIF decoder will spin forever processing sparse blocks

The UIF Universal Image Format is a proprietary file format used by the old shareware utility MagicISO. Microsoft have a dedicated unpacker for UIF that runs as SYSTEM on all filesystem activity !?!. The UIF format has an index structure at a fixed offset from the end of the file, with a pointer ...

jasper: integer overflows leading to out of bounds read in packet iterators in JPC decoder

An out-of-bounds heap read vulnerability was found in the jpcpinextpcrl function of jasper before 2.0.6 when processing crafted input...

EulerOS 2.0 SP2 : gstreamer1-plugins-good (EulerOS-SA-2017-1065)

According to the versions of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flxdecodedeltafli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10...

EulerOS 2.0 SP1 : gstreamer1-plugins-good (EulerOS-SA-2017-1064)

According to the versions of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flxdecodedeltafli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10...

EulerOS 2.0 SP2 : gstreamer-plugins-good (EulerOS-SA-2017-1063)

According to the versions of the gstreamer-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flxdecodedeltafli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10....

EulerOS 2.0 SP1 : gstreamer-plugins-good (EulerOS-SA-2017-1062)

According to the versions of the gstreamer-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flxdecodedeltafli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10....

EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1026)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the Linux kernel KVM subsystem's sysenter instruction emulation was not sufficient. An unprivileged guest user could use this...

QEMU Code Injection Vulnerability

QEMU aka Quick Emulator is a suite of analog processor software developed by French programmer Fabrice Bellard. A code injection vulnerability exists in QEMU versions prior to 2.9.0. Since the disasinsn function in target/i386/translate.c does not limit the size of instructions, an attacker could...

ALPINE-CVE-2017-8105

FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1decoderparsecharstrings function in psaux/t1decode.c...