5952 matches found
CVE-2015-7060
The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7059 and CVE-2015-7061...
CVE-2015-7059
The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7060 and CVE-2015-7061...
Memory corruption
The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7060 and CVE-2015-7061...
CVE-2015-7061
The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7059 and CVE-2015-7060...
CVE-2015-7060
CVE-2015-7060 targets Apple platforms with vulnerable ASN.1 decoding in OS X (pre-10.11.2), tvOS (pre-9.1), and watchOS (pre-2.1). A crafted certificate can trigger remote code execution or memory corruption (DoS). Root cause: ASN.1 decoder weakness. Affected components: OS X’s certificate handli...
CVE-2015-7061
CVE-2015-7061 affects Apple OS X prior to 10.11.2, tvOS prior to 9.1, and watchOS prior to 2.1. The issue stems from the ASN.1 decoder handling a crafted certificate, enabling remote code execution or memory corruption. This is a separate vulnerability from CVE-2015-7059 and CVE-2015-7060. Impact...
CVE-2015-7059
Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 are affected by CVE-2015-7059 via a flaw in the ASN.1 decoder that allows remote attackers to trigger memory corruption or arbitrary code execution through a crafted certificate. The report aggregates multiple CVEs in Apple’s 2015...
openSUSE Security Update : ffmpeg (openSUSE-2015-821)
The ffmpeg package was updated to version 2.8.2 to fix the following security and non-security issues: - CVE-2015-8216: Fixed the ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c which could cause a denial of service (out-of-bounds array access) (bnc#955346). - CVE-2015-8217: Fixed the...
libraw -- memory objects not properly initialized
ChenQin reports: The LibRaw raw image decoder has multiple vulnerabilities that can cause memory errors which may lead to code execution or other problems. In CVE-2015-8367, LibRaw's phase_one_correct function does not handle memory initialization correctly, which may cause other problems...
UBUNTU-CVE-2015-8363
The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or...
CVE-2015-8219
The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JP...
DEBIAN-CVE-2015-7182
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly...
Heap overflow
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly...
CVE-2015-7182
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly...
UBUNTU-CVE-2015-7182
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly...
Moderate: Red Hat Security Advisory: qemu-kvm security update
Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fr...
qemu: vnc: insufficient resource limiting in VNC websockets decoder
It was found that QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory...
SUSE: Security Advisory for qemu (SUSE-SU-2015:0896-1)
The remote host is missing an update for the...