
5949 matches found

Tenable Nessus
added 2012/06/07 12:0 a.m. · 248 views

Firefox 10.0.x < 10.0.5 Multiple Vulnerabilities

The installed version of Firefox 10.0.x is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. CVE-2012-0441 - Multiple memory corruption errors exist. CVE-2012-1937, CVE-2012-1939 - T...

CVSS 9.3 · AI score 8.4 · EPSS 0.06784
Exploits: 0 · References: 13

Tenable Nessus
added 2012/06/07 12:0 a.m. · 38 views

Mozilla Thunderbird < 13.0 Multiple Vulnerabilities

Binary data 6498.prm...

CVSS 9.3 · AI score 8.2 · EPSS 0.06784
Exploits: 2 · References: 18

Tenable Nessus
added 2012/06/07 12:0 a.m. · 32 views

Mozilla Thunderbird 12.x < 12 Multiple Vulnerabilities

Binary data 801240.prm...

CVSS 9.3 · AI score 8.2 · EPSS 0.06784
Exploits: 2 · References: 18

Tenable Nessus
added 2012/06/07 12:0 a.m. · 46 views

Firefox < 10.0.5 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 10.0.5 and thus, is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. CVE-2012-0441 - Multiple memory corruption errors exist...

CVSS 9.3 · AI score 7.4 · EPSS 0.06784
Exploits: 0 · References: 13

Tenable Nessus
added 2012/06/07 12:0 a.m. · 38 views

Firefox < 13.0 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 13.0 and thus, is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. CVE-2012-0441 - Two heap-based buffer overflows and one heap-base...

CVSS 9.3 · AI score 7.4 · EPSS 0.06784
Exploits: 1 · References: 15

Ubuntu
added 2012/06/06 4:31 p.m. · 61 views

USN-1463-1: Firefox vulnerabilities

Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a deni...

CVSS 10 · AI score 8.8 · EPSS 0.06784
Exploits: 1 · References: 1

UbuntuCve
added 2012/06/06 12:0 a.m. · 38 views

CVE-2012-0441

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services NSS before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a...

CVSS 5 · AI score 7.2 · EPSS 0.03581
Exploits: 0 · References: 7

OSV
added 2012/06/05 11:55 p.m. · 1 views

DEBIAN-CVE-2012-0441

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services NSS before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a...

CVSS 5 · AI score 8.4 · EPSS 0.03581
Exploits: 0 · References: 1

Prion
added 2012/06/05 11:55 p.m. · 18 views

Design/Logic Flaw

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services NSS before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a...

CVSS 5 · AI score 7.1 · EPSS 0.03581
Exploits: 0 · References: 13 · Affected Software: 6

CVE
added 2012/06/05 11:0 p.m. · 173 views

CVE-2012-0441

The CVE-2012-0441 issue affects the NSS ASN.1 decoder QuickDER. The flaw allows a remote attacker to trigger a denial of service (application crash) via a zero-length item in ASN.1 structures (e.g., a zero-length basic constraint or a zero-length OCSP field). Affected software includes NSS-based ...

CVSS 5 · AI score 9.1 · EPSS 0.03581
Exploits: 0 · References: 13 · Affected Software: 5

Mozilla
added 2012/06/05 12:0 a.m. · 47 views

NSS parsing errors with zero length items — Mozilla

Security researcher Kaspar Brand found a flaw in how the Network Security Services NSS ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. NSS also mishandles zero-length basic constraints,...

CVSS 5 · AI score 0.9 · EPSS 0.03581
Exploits: 0 · References: 2 · Affected Software: 5

UbuntuCve
added 2012/05/22 12:0 a.m. · 20 views

CVE-2011-3945

The decodeframe function in the KVG1 decoder kgv1dec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service crash and possibly...

CVSS 6.8 · AI score 7.5 · EPSS 0.02339
Exploits: 0 · References: 2

0day.today
added 2012/04/21 12:0 a.m. · 47 views

OpenSSL 1.0.1 Memory Corruption

Exploit for multiple platform in category remote exploits Incorrect integer conversions in OpenSSL can result in memory corruption. -------------------------------------------------------------------------- CVE-2012-2110 This advisory is intended for system administrators and developers exposing...

AI score 7.1 · EPSS 0.08744
Exploits: 8

0day.today
added 2012/04/19 12:0 a.m. · 37 views

OpenSSL ASN1 BIO Memory Corruption Vulnerability

Exploit for windows platform in category dos / poc Incorrect integer conversions in OpenSSL can result in memory corruption. -------------------------------------------------------------------------- CVE-2012-2110 This advisory is intended for system administrators and developers exposing OpenSSL...

AI score 7 · EPSS 0.08744
Exploits: 8

RedHat Linux
added 2012/02/21 2:21 a.m. · 1 views

David Koblas' GIF decoder LZW decoder buffer overflow

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gifreadlzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte functio...

CVSS 9.3 · AI score 7.6 · EPSS 0.09814
Exploits: 0 · References: 4

Tenable Nessus
added 2011/12/13 12:0 a.m. · 28 views

SuSE 10 Security Update : CUPS (ZYPP Patch Number 7775)

This update fixes the following security issues : - 601830: CSRF via admin web interface. CVE-2010-0540 - 680210: users in group 'lp' can overwrite arbitrary files. CVE-2010-2431 - 711490: heap overflow in gif decoder. CVE-2011-2896 - 715643: heap overflow in gif decoder CVE-2011-3170 This update...

CVSS 6 · AI score 7.3 · EPSS 0.09148
Exploits: 0 · References: 8

Tenable Nessus
added 2011/12/13 12:0 a.m. · 36 views

SuSE 11.1 Security Update : CUPS (SAT Patch Number 5180)

This update fixes the following security issues : - 601830: CSRF via admin web interface. CVE-2010-0540 - 680210: users in group 'lp' can overwrite arbitrary files. CVE-2010-2431 - 680212: denial of service via cupsDoAuthentication. CVE-2010-2432 - 711490: heap overflow in gif decoder...

CVSS 6 · AI score 7.2 · EPSS 0.09148
Exploits: 0 · References: 16

Tenable Nessus
added 2011/12/13 12:0 a.m. · 26 views

SuSE 11.1 Security Update : Gimp (SAT Patch Number 5193)

Specially crafted gif files could have caused an infinite loop or a heap-based buffer overflow in the gif decoder CVE-2011-2896. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update...

CVSS 5.1 · AI score 7.5 · EPSS 0.07216
Exploits: 0 · References: 3

UbuntuCve
added 2011/12/02 12:0 a.m. · 26 views

CVE-2011-4364

Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service crash and possibly...

CVSS 6.8 · AI score 7.6 · EPSS 0.0294
Exploits: 0 · References: 4

UbuntuCve
added 2011/12/02 12:0 a.m. · 27 views

CVE-2011-4579

The svq1decodeframe function in the SVQ1 decoder svq1dec.c in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service...

CVSS 4.3 · AI score 5.9 · EPSS 0.02207
Exploits: 0 · References: 3