CVE-2008-0011

Microsoft DirectX contains two CVEs (CVE-2008-0011 and CVE-2008-1444) related to MJPEG and SAMI parsing, enabling remote code execution when a user opens specially crafted AVI/ASF/SAMI files. Affected products span DirectX components on Windows XP SP2/SP3, Server 2003, Windows Vista, and Windows ...

Linux Kernel BER解码缓冲区溢出漏洞

BUGTRAQ ID: 29589 CVECAN ID: CVE-2008-1673 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的cifs和ipnatsnmpbasic模块中的ASN.1 BER解码器没有正确地计算缓冲区大小，如果远程攻击者向有漏洞的系统发送了特制的BER编码数据的话，就可以触发缓冲区溢出，导致拒绝服务或执行任意指令。 Linux kernel 2.6.x Linux kernel 2.4.x Debian ------ Debian已经为此发布了一个安全公告（DSA-1592-2）以及相应补丁: DSA-1592-2：N...

VLC媒体播放器MP及Cinepak解码器缓冲区溢出漏洞

BUGTRAQ ID: 28904,28903 CVECAN ID: CVE-2008-1769,CVE-2008-1768 VLC Media Player是一款免费的媒体播放器。 VLC处理畸形格式的媒体文件时存在漏洞，如果用户受骗使用VLC播放器打开了特制的媒体文件或流媒体的话，就会在MP4和Cinepak解码器模块中触发缓冲区溢出，导致拒绝服务或执行任意指令。 VideoLAN VLC Media Player 0.8.6e Gentoo ------ Gentoo已经为此发布了一个安全公告（GLSA-200804-25）以及相应补丁: GLSA-200804-25：VLC:...

Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / current : xine-lib (SSA:2008-111-01)

New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues. An overflow was found in the Speex decoder that could lead to a crash or possible execution of arbitrary code. Xine-lib = 1.1.12 was also found to be vulnerable to a stack-based...

USN-582-2: Thunderbird regression

USN-582-1 fixed several vulnerabilities in Thunderbird. The upstream fixes were incomplete, and after performing certain actions Thunderbird would crash due to memory errors. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that...

Android软件开发工具包BMP文件处理整数溢出漏洞

BUGTRAQ ID: 28006 CVECAN ID: CVE-2008-0986 Android是Google通过Open Handset Alliance发起的项目，用于为移动设备提供完整的软件集，包括操作系统、中间件等。 Android SDK的libsgl.so库中的BMP::readFromStreamStream , ImageDecoder::Mode方式在解析BMP图形文件头时存在整数溢出漏洞，远程攻击者可能利用此漏洞控制用户设备。 如果BMP文件头的offset字段值为负数且Bitmap Information部分（DIB头）指定了8...

Mozilla Foundation Security Advisory 2008-07

Mozilla Foundation Security Advisory 2008-07 Title: Possible information disclosure in BMP decoder Impact: Moderate Announced: February 19, 2008 Reporter: Gynvael Coldwind // Vexillium Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.12 Thunderbird 2.0.0.12 SeaMonkey 1.1.8...

Possible information disclosure in BMP decoder — Mozilla

Security researcher Gynvael Coldwind of Vexillium crediting help from udevd and porneL demonstrated that BMP images could be used to reveal small chunks of uninitialized memory that might contain sensitive data from other pages or other programs, and that this data could be extracted from the ima...

Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-576-1)

Various flaws were discovered in the browser and JavaScript engine. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. CVE-2008-0412, CVE-2008-0413 Flaws were discovered in the file upload form control. A malicious website...

Mozilla information disclosure flaw

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a craft...

USN-576-1: Firefox vulnerabilities

Various flaws were discovered in the browser and JavaScript engine. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. CVE-2008-0412, CVE-2008-0413 Flaws were discovered in the file upload form control. A malicious website...

Debian Security Advisory DSA 1260-1 (imagemagick)

The remote host is missing an update to imagemagick announced via advisory DSA 1260-1. Vladimir Nadvornik discovered that the fix for a vulnerability in the PALM decoder of Imagemagick, a collection of image manipulation programs, was ineffective. To avoid confusion a new CVE ID has been assigned...

Debian Security Advisory DSA 1171-1 (ethereal)

The remote host is missing an update to ethereal announced via advisory DSA 1171-1. Several remote vulnerabilities have been discovered in the Ethereal network scanner, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following...

Debian Security Advisory DSA 657-1 (xine-lib)

The remote host is missing an update to xine-lib announced via advisory DSA 657-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1171)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-985-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1260-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-340)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 1137-1 (tiff)

The remote host is missing an update to tiff announced via advisory DSA 1137-1. Tavis Ormandy of the Google Security Team discovered several problems in the TIFF library. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2006-3459 Several stack-buffer overflows...

SuSE 10 Security Update : Qt3 (ZYPP Patch Number 3052)

qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems unter certain circumstances. The bug for example allows for script tag injection in konqueror. CVE-2007-0242 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text descripti...