CVE-2009-0199

Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attacke...

CVE-2009-2628

The CVE-2009-2628 issue affects VMware VMnc codec (vmnc.dll) used by VMware Movie Decoder and related products. The root cause is heap memory corruption triggered by AVI files with certain small heights, enabling remote code execution on Windows when processed by vulnerable VMnc-based components ...

CVE-2009-0199

Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attacke...

VMSA-2009-0012:VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.

VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2009-0012 VMware Security Advisory Synopsis: VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE...

Examples teach you to understand the net horse-vulnerability warning-the black bar safety net

The main code is as follows: SCRIPT language=”JavaScript” window. status=”completed”; evalfunctionp,a,c,k,e,de=functioncreturn c. toString3 6;if!”. replace/^/,Stringwhilec–dc. toStringa=kc||c. toStringak=functionereturn de;e=functionreturn’\\w+’;c=1;whilec–ifkcp=p. replacenew...

openSUSE Security Update : swfdec (swfdec-524)

The free Flash decoder engine 'swfdec' was updated to version 0.6.8 to fix lots of crashers which are likely security relevant and could be exploited to remotely execute code. CVE-2008-3796 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

openSUSE Security Update : acroread (acroread-689)

Multiple flaws in the JBIG2 decoder and the JavaScript engine of the Adobe Reader allowed attackers to crash acroread or even execute arbitrary code by tricking users into opening specially crafted PDF files. CVE-2009-0658, CVE-2009-0927, CVE-2009-0193, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062...

openSUSE Security Update : ghostscript-devel (ghostscript-devel-877)

Specially crafted file could cause a heap-overflow in JBIG2 decoder CVE-2009-0196, an integer overflow in ICC library CVE-2009-0792, a buffer overflow in BaseFont writer module CVE-2008-6679 or crash the CCITTFax decoder CVE-2007-6725. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-578)

OpenJDK Java 1.6.0 was upgraded to build b14, fixing quite a lot of security issues. It fixes at least: 4486841 UTF8 decoder should adhere to corrigendum to Unicode 3.0.1 CVE-2008-5351 6484091 FileSystemView leaks directory info CVE-2008-5350 aka SUN SOLVE 246266 6497740 Limit the size of RSA...

openSUSE Security Update : acroread (acroread-689)

Multiple flaws in the JBIG2 decoder and the JavaScript engine of the Adobe Reader allowed attackers to crash acroread or even execute arbitrary code by tricking users into opening specially crafted PDF files. CVE-2009-0658, CVE-2009-0927, CVE-2009-0193, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062...

Foxit Reader Multiple Denial of Service Vulnerabilities (Jun 2009)

Foxit Reader is prone to multiple Denial of Service vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

gstreamer-plugins-good security update

0.10.9-1.el5.2 - CVE-2009-1932: Integer overflow in PNG decoder...

CVE-2009-0690

The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 aka JPX stream, which allows remote attackers to cause a denial of service memory corruption and application crash or...

Out-of-bounds

The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 aka JPX stream, which allows remote attackers to cause a denial of service memory corruption and application crash or...

CVE-2009-0690

The CVE-2009-0690 issue affects Foxit Reader's JPEG2000/JBIG Decoder add-on prior to 2.0.2009.616. A negative stream offset in a JPEG2000 (JPX) stream can trigger an out-of-bounds read, enabling a remote attacker to cause memory corruption, DoS, and potentially execute arbitrary code via a crafte...

Foxit Reader JPEG2000 / JBIG Decoder Add-On < 2.0.2009.616 Multiple Vulnerabilities

The Foxit Reader application installed on the remote Windows host includes an optional JPEG2000 / JBIG Decoder add-on that is prior to version 2.0.2009.616. It is, therefore affected by multiple vulnerabilities : - A out-of-bounds read error exists in the add-on due to improper handling of a...

Heap overflow

Heap-based buffer overflow in the decodercreate function in the initialization functionality in xvidcore/src/decoder.c in Xvid before 1.2.2, as used by Windows Media Player and other applications, allows remote attackers to execute arbitrary code via vectors involving the DirectShow aka DShow...

CVE-2009-0894

Heap-based buffer overflow in the decodercreate function in the initialization functionality in xvidcore/src/decoder.c in Xvid before 1.2.2, as used by Windows Media Player and other applications, allows remote attackers to execute arbitrary code via vectors involving the DirectShow aka DShow...

RedHat Security Advisory RHSA-2009:0480

The remote host is missing updates announced in advisory RHSA-2009:0480. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Multiple integer overflow flaws were found in poppler. An attacker could create a malicious PDF file that would cause...

openSUSE 10 Security Update : ghostscript-devel (ghostscript-devel-6246)

Specially crafted file could cause a heap-overflow in JBIG2 decoder CVE-2009-0196, an integer overflow in ICC library CVE-2009-0792, a buffer overflow in BaseFont writer module CVE-2008-6679 or crash the CCITTFax decoder CVE-2007-6725. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...