Use-after-free due to Media Decoder Thread creation during shutdown — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber reported a use-after-free during the shutdown process. This was caused by a race condition when media decoder threads are created during the shutdown process in some circumstances. This leads to a potentially exploitable crash when...

clamav: multiple issues

CVE-2015-2170 denial of service A flaw has been found in the UPX decoder with crafted files. During unpacking there are two range checks which are implemented "manually". Those checks lack the detection of overflows which are considered by the CLIISCONTAINED macro. - CVE-2015-2221 denial of...

CVE-2015-2170

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service crash via a crafted file...

UBUNTU-CVE-2015-2170

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service crash via a crafted file...

clamav -- multiple vulnerabilities

ClamAV project reports: ClamAV 0.98.7 is here! This release contains new scanning features and bug fixes. Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221. Fix crash on crafted petite packed file. Reported and pat...

Mandriva Linux Security Advisory : qemu (MDVSA-2015:210)

Updated qemu packages fix security vulnerabilities : A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table PRDT data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system rhbz1204919...

Updated libksba packages fix security vulnerabilities

The libksba package has been updated to version 1.3.3, which fixes an integer overflow in the DN decoder and a couple of other minor bugs...

Fedora 20 : libtasn1-3.8-3.fc20 (2015-5182)

backported fix for stack overflow in DER decoder Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Linux custom execve-shellcode Encoder/Decoder

Linux custom execve-shellcode Encoder/Decoder. Shellcode exploit for linx86 platform / Followtheleader custom execve-shellcode Encoder/Decoder - Linux Intel/x86 Author: Konstantinos Alexiou /...

Updated qemu packages fix security vulnerabilities

Updated qemu packages fix security vulnerabilities: A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table PRDT data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system rhbz1204919...

Important: flac

Issue Overview: A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. CVE-2014-9028 A buffer over-rea...

Crystal Player Playlist File Buffer Overflow Vulnerability

Crystal Player belongs to the shell class of playback software, you can call the Windows MediaPlayer decoder for media playback, it can support all the formats supported by Windows MediaPlayer, but also supports Skin technology. A buffer overflow vulnerability exists in Crystal Player playlist...

[ MDVSA-2015:147-1 ] libtiff

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:147-1 http://www.mandriva.com/en/support/security/ Package : libtiff Date : March 30, 2015 Affected: Business Server 1.0 Problem Description: Updated libtiff packages fix security vulnerabilities: The libtif...

libksba -- local denial of service vulnerabilities

Martin Prpic, Red Hat Product Security Team, reports: Denial of Service due to stack overflow in src/ber-decoder.c. Integer overflow in the BER decoder src/ber-decoder.c. Integer overflow in the DN decoder src/dn.c...

Mandriva Linux Security Advisory : jbigkit (MDVSA-2015:101)

Updated jbigkit packages fix security vulnerability : Florian Weimer found a stack-based buffer overflow flaw in the libjbig library part of jbigkit. A specially crafted image file read by libjbig could be used to cause a program linked to libjbig to crash or, potentially, to execute arbitrary co...

Mandriva Linux Security Advisory : imagemagick (MDVSA-2015:105)

Updated imagemagick package fixes security vulnerabilities : A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially,...

CVE-2015-0295

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service divide-by-zero and crash via a crafted BMP file...

CVE-2015-0295

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service divide-by-zero and crash via a crafted BMP file...

DEBIAN-CVE-2015-0295

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service divide-by-zero and crash via a crafted BMP file...

Denial of service

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service divide-by-zero and crash via a crafted BMP file...