Mandriva Linux Security Advisory : flac (MDVSA-2014:239)
Updated flac packages fix security vulnerabilities: In libFLAC before 1.3.1, a stack overflow (CVE-2014-8962) and a heap overflow (CVE-2014-9028), which may result in arbitrary code execution, can be triggered by passing a maliciously crafted .flac file to the libFLAC decoder.
UBUNTU-CVE-2014-1569
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long...
DLA-99-1 flac - security update
Bulletin has no description...
Cisco OpenH264 Heap Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on applications using vulnerable versions of Cisco OpenH264. The specific flaw exists within the decoder logic. By providing malformed H.264 data to the decoder, an attacker can overwrite a heap buffer. This could result in the...
Cisco OpenH264 Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on applications using vulnerable versions of Cisco OpenH264. The specific flaw exists within the decoder logic. By providing malformed H.264 data to the decoder, an attacker can force a dangling pointer to be referenced after it...
Cisco OpenH264 Heap Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on applications using vulnerable versions of Cisco OpenH264. The specific flaw exists within the decoder logic. By providing malformed H.264 data to the decoder, an attacker can overwrite a heap buffer. This could result in the...
Security Advisory-Multiple Vulnerabilities on Huawei P2 Smartphone
This security advisory (SA) describes two vulnerabilities. The decoder driver of P2 was found to allow any application to read or write to an arbitrary memory address (HWPSIRT-2014-0401). This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-2273. The Kingsoft...
[ MDVSA-2014:226 ] imagemagick
Mandriva Linux Security Advisory MDVSA-2014:226 (http://www.mandriva.com/en/support/security/). Package: imagemagick; Date: November 25, 2014; Affected: Business Server 1.0. Problem Description: Updated imagemagick packages fix security vulnerabilities:...
CVE-2014-9028
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...
DEBIAN-CVE-2014-8962
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...
UBUNTU-CVE-2014-9028
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...
OracleVM 2.1 : krb5 (OVMSA-2009-0003)
The remote OracleVM system is missing necessary patches to address critical security updates: CVE-2009-0844: The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain...
UBUNTU-CVE-2014-8962
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...
Updated imagemagick packages fix security vulnerabilities
ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code (CVE-2014-8354), PCX parser (CVE-2014-8355), DCM decoder (CVE-2014-8562), and JPEG decoder (CVE-2014-8716)...
CVE-2014-8716
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash)...
UBUNTU-CVE-2014-8716
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash)...
UBUNTU-CVE-2014-8481
The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 does not properly handle invalid instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application that triggers (1) a...
CVE-2014-8481
The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 does not properly handle invalid instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application that triggers (1) a...
UBUNTU-CVE-2014-8547
libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data...
[DLA 41-1] python-imaging security update
Package: python-imaging; Version: 1.1.7-2+deb6u1; CVE ID: CVE-2014-3589. Andrew Drake discovered that missing input sanitising in the icns decoder of the Python Imaging Library could result in denial of service if a malformed image is processed...