4670 matches found

OSV
added 2018/03/12 12:0 a.m., 0 views

UBUNTU-CVE-2016-9600

JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash...

6.5 CVSS, 6.8 AI score, 0.00156 EPSS
Exploits: 0, References: 3

OSV
added 2018/03/09 8:29 p.m., 22 views

CVE-2016-9591

JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer...

5.5 CVSS, 6.5 AI score
Exploits: 0, References: 5

Fedora
added 2018/03/06 5:35 p.m., 15 views

[SECURITY] Fedora 27 Update: sharutils-4.15.2-8.fc27

The sharutils package contains the GNU shar utilities, a set of tools for encoding and decoding packages of files (in binary or text format) in a special plain text format called shell archives (shar). This format can be sent through e-mail (which can be problematic for regular binary files). The shar...

0.1 AI score
Exploits: 0

CVE
added 2018/03/05 6:0 p.m., 49 views

CVE-2017-18215

The CVE-2017-18215 entry concerns the image tool xv, version 3.10a. Affected component: xvpng.c in xv 3.10a. Root cause: memory corruption (out-of-bounds write) when decoding PNG comment fields due to an incorrect length value. Impact: potential crashes or code execution as stated in the sources....

9.8 CVSS, 9.6 AI score, 0.01094 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2018/02/28 7:29 a.m., 1 views

DEBIAN-CVE-2018-7557

The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data...

6.5 CVSS, 6.8 AI score, 0.00398 EPSS
Exploits: 0, References: 1

CNVD
added 2018/02/26 12:0 a.m., 1 views

Sean Barrett stb_vorbis Buffer Overflow Vulnerability

Sean Barrett stb_vorbis is a single-file public domain library based on C++. A buffer overflow vulnerability exists in the entire vorbis decoding path in Sean Barrett stb_vorbis 1.12 and earlier. An attacker can exploit this vulnerability to corrupt memory, cause a denial of service, and execute a...

8.8 CVSS, 7.5 AI score, 0.00645 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2018/02/15 9:29 p.m., 30 views

CVE-2018-7173

A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding...

5.5 CVSS, 6 AI score, 0.00148 EPSS
Exploits: 0, References: 2

OSV
added 2018/02/15 9:29 p.m., 1 views

UBUNTU-CVE-2018-7173

A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding...

5.5 CVSS, 6 AI score, 0.00148 EPSS
Exploits: 0, References: 3

Prion
added 2018/02/15 9:29 p.m., 25 views

Design/Logic Flaw

A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding...

4.3 CVSS, 5.3 AI score, 0.00148 EPSS
Exploits: 0, References: 1, Affected Software: 1

Debian CVE
added 2018/02/15 9:0 p.m., 29 views

CVE-2018-7173

A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding...

5.5 CVSS, 3.9 AI score, 0.00148 EPSS
Exploits: 0

CVE
added 2018/02/15 9:0 p.m., 56 views

CVE-2018-7173

CVE-2018-7173 affects xpdf 4.00. A large loop in JBIG2Stream::readSymbolDictSeg can be exploited by a crafted PDF/file to trigger a denial of service. The description and connected sources consistently describe DoS via inappropriate decoding in JBIG2Stream::readSymbolDictSeg; no patch/version det...

5.5 CVSS, 5.2 AI score, 0.00148 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2018/02/15 4:29 p.m., 1 views

CVE-2017-15341

Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploi...

7.5 CVSS, 5.8 AI score, 0.00146 EPSS
Exploits: 0, References: 1

CVE
added 2018/02/15 4:0 p.m., 57 views

CVE-2017-15341

The CVE-2017-15341 issue affects Huawei AR3200 (V200R008C20/V200R008C30) and TE40/TE50/TE60 platforms (V600R006C00). The root cause is improper decoding of X.509 certificates, enabling a remote unauthenticated attacker to trigger a denial of service on the device. Public references indicate DoS i...

7.5 CVSS, 7.4 AI score, 0.00146 EPSS
Exploits: 0, References: 1, Affected Software: 1

ThreatPost
added 2018/02/15 12:31 p.m., 98 views

Word-based Malware Attack Doesn’t Use Macros

Typically, inbox-based attacks that include malicious Microsoft Office attachments require adversaries to trick users into enabling macros. But researchers say they have identified a new malicious email campaign that uses booby-trapped Office attachments that are macro-free. The attacks do not...

9.3 CVSS, 0.94354 EPSS
Exploits: 33, References: 4

OSV
added 2018/02/12 3:19 p.m., 0 views

USN-3565-1 exim4 vulnerability

Meh Chang discovered that Exim incorrectly handled memory in certain decoding operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8 CVSS, 7.4 AI score, 0.86592 EPSS
Exploits: 19, References: 2

Ubuntu
added 2018/02/12 3:19 p.m., 94 views

USN-3565-1: Exim vulnerability

Meh Chang discovered that Exim incorrectly handled memory in certain decoding operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8 CVSS, 8.3 AI score, 0.86592 EPSS
Exploits: 19

OSV
added 2018/02/09 11:29 p.m., 13 views

CVE-2018-1000050

Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. that can result in memory corruption, denial of service, comprised execution of host program. This attack appear to be exploitable via Victim must open a specially crafted Ogg...

8.8 CVSS, 8.9 AI score
Exploits: 0, References: 1

CNVD
added 2018/02/09 12:0 a.m., 2 views

Exim SMTP Mail Server Buffer Overflow Vulnerability

Exim is Mail Transfer Agent (MTA) server software, developed under the GPL as open source software. It mainly runs on UNIX-like systems and is usually used together with Dovecot, Courier and other software. A buffer overflow vulnerability exists...

9.8 CVSS, 7.8 AI score, 0.86592 EPSS
Exploits: 19, References: 1

ATTACKERKB
added 2018/02/08 12:0 a.m., 179 views

Exim SMTP server RCE via base64d

Exim SMTP email server versions before 4.90 are vulnerable to remote code execution via a vulnerability in Base64 decoding. Recent assessments: asoto-r7 at June 25, 2019 6:25pm UTC reported: There are a few PoCs for this one. Exim is a bear to setup and I wouldn’t be shocked to find unpatched...

9.8 CVSS, 4.7 AI score, 0.86592 EPSS
Exploits: 19, References: 1

Kitploit
added 2018/02/04 1:30 p.m., 15 views

IDAsec - IDA plugin for reverse-engineering and dynamic interactions with the Binsec platform

IDA plugin for reverse-engineering and dynamic interactions with the Binsec platform. Features: decoding an instruction (in DBA IR); loading execution traces generated by Pinsec; triggering analyses on Binsec and retrieving results. Dependencies: protobuf, ZMQ, capstone (for trace disassembly), graphviz (to dr...

7.5 AI score
Exploits: 0, References: 1