xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg) (CVE-2009-0195)

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service crash via a crafted PDF file, related to 1 JBIG2SymbolDict::setBitmap and 2 JBIG2Stream::readSymbolDictSeg...

PDF JBIG2 integer overflow

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file...

xpdf: Multiple integer overflows in JBIG2 decoder

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service crash via a crafted PDF file, related to 1 JBIG2Stream::readSymbolDictSeg, 2 JBIG2Stream::readSymbolDictSeg, and 3...

SuSE Security Advisory SUSE-SA:2009:019 (krb5)

The remote host is missing updates announced in advisory SUSE-SA:2009:019. OpenVAS Vulnerability Test $Id: susesa2009019.nasl 6668 2017-07-11 13:34:29Z cfischer $ Description: Auto-generated from advisory SUSE-SA:2009:019 krb5 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

RedHat Security Advisory RHSA-2009:0409

The remote host is missing updates announced in advisory RHSA-2009:0409. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center KDC. An input validation flaw was...

CVE-2009-0847

The asn1bufimbed function in the ASN.1 decoder in MIT Kerberos 5 aka krb5 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service application crash via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmeti...

CVE-2009-0847

The asn1bufimbed function in the ASN.1 decoder in MIT Kerberos 5 aka krb5 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service application crash via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmeti...

Design/Logic Flaw

The asn1bufimbed function in the ASN.1 decoder in MIT Kerberos 5 aka krb5 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service application crash via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmeti...

CVE-2009-0846

The asn1decodegeneraltime function in lib/krb5/asn.1/asn1decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 aka krb5 before 1.6.4 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors involving an invalid DER encoding that...

DEBIAN-CVE-2009-0847

The asn1bufimbed function in the ASN.1 decoder in MIT Kerberos 5 aka krb5 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service application crash via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmeti...

Null pointer dereference

The asn1decodegeneraltime function in lib/krb5/asn.1/asn1decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 aka krb5 before 1.6.4 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors involving an invalid DER encoding that...

Mandriva Update for qt4 MDKSA-2007:075 (qt4)

Check for the Version of qt4 OpenVAS Vulnerability Test Mandriva Update for qt4 MDKSA-2007:075 qt4 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

CVE-2009-0846

The asn1decodegeneraltime function in lib/krb5/asn.1/asn1decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 aka krb5 before 1.6.4 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors involving an invalid DER encoding that...

CVE-2009-0846

The CVE-2009-0846 issue is in MIT Kerberos 5 (krb5) before 1.6.4. The ASN.1 GeneralizedTime decoder’s asn1_decode_generaltime function triggers a free of an uninitialized pointer when processing invalid DER encoding, enabling a remote attacker to cause a denial of service (daemon crash) or possib...

Mandriva Update for qt4 MDKSA-2007:075 (qt4)

Check for the Version of qt4 OpenVAS Vulnerability Test Mandriva Update for qt4 MDKSA-2007:075 qt4 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

CVE-2009-0846

The asn1decodegeneraltime function in lib/krb5/asn.1/asn1decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 aka krb5 before 1.6.4 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors involving an invalid DER encoding that...

DSA-1766-1 krb5 - several vulnerabilities

Bulletin has no description...

CVE-2009-0847

CVE-2009-0847 affects MIT Kerberos 5 (krb5) SPNEGO/GSS-API and the ASN.1 decoder. The OVMSA-2009-0003 advisory documents that 1.5–1.6.3 krb5 releases are vulnerable to crafted DER/length values, enabling remote attackers to crash daemons (and potentially execute code) due to length validation and...

Debian DSA-1766-1 : krb5 - several vulnerabilities

Several vulnerabilities have been found in the MIT reference implementation of Kerberos V5, a system for authenticating users and services on a network. The Common Vulnerabilities and Exposures project identified the following problems : - CVE-2009-0844 The Apple Product Security team discovered...

MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2009-001 MIT krb5 Security Advisory 2009-001 Original release: 2009-04-07 Last update: 2009-04-07 Topic: multiple vulnerabilities in SPNEGO, ASN.1 decoder CVE-2009-0844 SPNEGO implementation can read beyond buffer end CVSSv2 Vector:...