5952 matches found
Google Chrome vpxdecoder Denial of Service Vulnerability
Google Chrome is a web browsing tool developed by Google. A security vulnerability exists in the 'VpxVideoDecoder::VpxDecode' function in the media/filters/vpxvideodecoder.cc file in the vpxdecoder implementation in versions of Google Chrome prior to 41.0.2272.76...
UBUNTU-CVE-2015-1224
The VpxVideoDecoder::VpxDecode function in media/filters/vpxvideodecoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of service out-of-bounds...
chromium-browser: Use-after-free in gif decoder
Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size ...
FreeBSD : chromium -- multiple vulnerabilities (8505e013-c2b3-11e4-875d-000c6e25e3e9)
Chrome Releases reports: 51 security fixes in this release, including: - 456516 High CVE-2015-1212: Out-of-bounds write in media. Credit to anonymous. - 448423 High CVE-2015-1213: Out-of-bounds write in skia filters. Credit to cloudfuzzer. - 445810 High CVE-2015-1214: Out-of-bounds write in ski...
Google Chrome < 41.0.2272.76 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 41.0.2272.76. It is, therefore, affected by multiple vulnerabilities as referenced in the 201503stable-channel-update advisory. - Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM...
chromium: multiple issues
CVE-2015-1212: Out-of-bounds write in media. - CVE-2015-1213, CVE-2015-1214, CVE-2015-1215: Out-of-bounds write in skia filters. - CVE-2015-1216: Use-after-free in v8 bindings. - CVE-2015-1217: Type confusion in v8 bindings. - CVE-2015-1218: Use-after-free in dom. - CVE-2015-1219: Integer...
Stable Channel Update
The Chrome team is delighted to announce the promotion of Chrome 41 to the stable channel for Windows, Mac and Linux. Chrome 41.0.2272.76 contains a number of fixes and improvements, including: A number of new apps/extension APIs Lots of under the hood changes for stability and performance A list...
[SECURITY] Fedora 20 Update: vorbis-tools-1.4.0-14.fc20
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The vorbis package contains an encoder, a decoder, a playback tool, and a comment editor...
RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:0264)
The remote Red Hat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0264 advisory. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a...
OpenJDK: DER decoder infinite loop (Security, 8059485)
A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded...
AIX Java Advisory : java_feb2015_advisory.asc (POODLE)
The version of Java SDK installed on the remote host is affected by the following vulnerabilities: - A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block...
netty: DoS via memory exhaustion during data aggregation
A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service...
Oracle Java SE 5 < Update 76 / 6 < Update 86 / 7 < Update 73 / 8 < Update 26 Multiple Vulnerabilities
RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2015:0136)
The remote Red Hat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0136 advisory. - ICU: font parsing OOB read (OpenJDK 2D, 8055489) (CVE-2014-6585) - ICU: font parsing OOB read (OpenJDK 2D, 8056276) (CVE-2014-6591) - OpenJDK:...
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 (Feb 2015) - Windows
Oracle Java SE JRE is prone to multiple unspecified vulnerabilities.
[SECURITY] Fedora 21 Update: vorbis-tools-1.4.0-18.fc21
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The vorbis package contains an encoder, a decoder, a playback tool, and a comment editor...
Important: Red Hat Security Advisory: java-1.6.0-openjdk security update
Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...