Lucene search

5936 matches found

NVD
added 2007/04/03 4:19 p.m., 17 views

CVE-2007-0242

The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters...

4.3 CVSS, 5.5 AI score, 0.02172 EPSS
Exploits 0, References 36
Prion
added 2007/04/03 4:19 p.m., 20 views

Cross site scripting

The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters...

4.3 CVSS, 5.5 AI score, 0.02172 EPSS
Exploits 0, References 36, Affected Software 1
UbuntuCve
added 2007/04/03 4:19 p.m., 27 views

CVE-2007-0242

The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters...

4.3 CVSS, 5.8 AI score, 0.02172 EPSS
Exploits 0, References 2
Cvelist
added 2007/04/03 4:0 p.m., 21 views

CVE-2007-0242

The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters...

5.4 AI score, 0.02172 EPSS
Exploits 0, References 36
CVE
added 2007/04/03 4:0 p.m., 80 views

CVE-2007-0242

CVE-2007-0242 affects Qt 3.3.8 and 4.2.3 where the UTF-8 decoder in codecs/qutfcodec.cpp does not reject overlong UTF-8 sequences as required by the standard. This allows remote attackers to perform cross-site scripting (XSS) and directory traversal by sending long sequences that decode to danger...

4.3 CVSS, 5.4 AI score, 0.02172 EPSS
Exploits 0, References 36, Affected Software 1
Debian CVE
added 2007/04/03 4:0 p.m., 23 views

CVE-2007-0242

Removed by vendor...

4.3 CVSS, 6.6 AI score, 0.02172 EPSS
Exploits 0
OSV
added 2007/03/03 7:19 p.m., 1 views

DEBIAN-CVE-2007-1246

The DMOVideoDecoderOpen function in loader/dmo/DMOVideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerabilit...

7.6 CVSS, 8.1 AI score, 0.09304 EPSS
Exploits 0, References 1
Tenable Nessus
added 2007/02/18 12:0 a.m., 19 views

SUSE-SA:2006:046: clamav

The remote host is missing the patch for the advisory SUSE-SA:2006:046 clamav. Damian Put discovered a bug in the UPX decoder used for scanning UPX compressed Windows executables. The bug allows for a heap buffer overflow and may potentially be exploitable to execute arbitrary code. ClamAV has be...

5.6 AI score
Exploits 0
OSV
added 2007/02/14 12:0 a.m., 30 views

DSA-1260 imagemagick

Bulletin has no description...

9.3 CVSS, 7.7 AI score, 0.07123 EPSS
Exploits 0
Opera Security Advisories
added 2007/02/09 12:0 a.m., 4 views

Opera not vulnerable to JPEG processing vulnerability in Microsoft’s GDI+ library – Opera Security Advisories

Opera not vulnerable to JPEG processing vulnerability in Microsoft’s GDI+ library – Opera Security Advisories OPCOM Team | February 9, 2007 Opera is not vulnerable to the JPEG processing vulnerability in Microsoft’s GDI+ library. Details: Microsoft Security Bulletin MS04-028 Buffer Overrun in JPE...

5.8 AI score
Exploits 0, References 1
Check Point Advisories
added 2006/12/28 12:0 a.m., 2 views

ImageMagick SGI File Handling Buffer Overflow (CVE-2006-4144)

A buffer overflow vulnerability has been discovered in the ImageMagick SGI decoder component. The vulnerability is due to an error in the ImageMagick SGI decoder component that fails to sufficiently check data contained in SGI files during processing. A remote attacker may exploit this issue by...

2.6 CVSS, 3 AI score, 0.19082 EPSS
Exploits 1
Tenable Nessus
added 2006/12/16 12:0 a.m., 35 views

Mandrake Linux Security Advisory : libtiff (MDKSA-2006:137)

Tavis Ormandy, Google Security Team, discovered several vulnerabilities in the libtiff image processing library: Several buffer overflows have been discovered, including a stack buffer overflow via TIFFFetchShortPair in tifdirread.c, which is used to read two unsigned shorts from the input file...

7.8 CVSS, 8.7 AI score, 0.687 EPSS
Exploits 13, References 7
Tenable Nessus
added 2006/10/14 12:0 a.m., 25 views

Debian DSA-1171-1 : ethereal - several vulnerabilities

Several remote vulnerabilities have been discovered in the Ethereal network scanner, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4333 It was discovered that the Q.2391 dissector is vulnerable to...

7.5 CVSS, 5.9 AI score, 0.20239 EPSS
Exploits 0, References 17
Tenable Nessus
added 2006/10/14 12:0 a.m., 29 views

Debian DSA-1168-1 : imagemagick - several vulnerabilities

Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation tools, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-2440 Eero Hakkinen discovered that the...

7.5 CVSS, 8.8 AI score, 0.02086 EPSS
Exploits 0, References 8
Ubuntu
added 2006/10/05 2:18 a.m., 55 views

USN-358-1: ffmpeg, xine-lib vulnerabilities

XFOCUS Security Team discovered that the AVI decoder used in xine-lib did not correctly validate certain headers. By tricking a user into playing an AVI with malicious headers, an attacker could execute arbitrary code with the target user's privileges. CVE-2006-4799 Multiple integer overflows wer...

7.5 CVSS, 5.8 AI score, 0.06299 EPSS
Exploits 0
Tenable Nessus
added 2006/09/27 12:0 a.m., 24 views

GLSA-200609-14 : ImageMagick: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200609-14 ImageMagick: Multiple Vulnerabilities Tavis Ormandy of the Google Security Team discovered a stack and heap buffer overflow in the GIMP XCF Image decoder and multiple heap and integer overflows in the SUN bitmap decoder...

5.1 CVSS, 8.8 AI score, 0.19082 EPSS
Exploits 1, References 4
OSV
added 2006/09/07 12:0 a.m., 48 views

DSA-1171 ethereal - several

Bulletin has no description...

7.5 CVSS, 7.4 AI score, 0.20239 EPSS
Exploits 0
RedHat Linux
added 2006/08/28 11:41 a.m., 2 views

Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)

Heap-based buffer overflow in the PixarLog decoder in the TIFF library libtiff before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors...

7.8 CVSS, 7.9 AI score, 0.14381 EPSS
Exploits 1, References 4
OSV
added 2006/08/03 1:4 a.m., 1 views

DEBIAN-CVE-2006-3462

Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library libtiff before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images...

7.5 CVSS, 8.4 AI score, 0.01873 EPSS
Exploits 1, References 1
UbuntuCve
added 2006/08/03 1:4 a.m., 30 views

CVE-2006-3462

Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library libtiff before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images...

7.5 CVSS, 7.5 AI score, 0.01873 EPSS
Exploits 1, References 2