py-imaging, py-pillow -- Buffer overflow in FLI decoding code

The Pillow maintainers report: In all versions of Pillow, dating back at least to the last PIL 1.1.7 release, FliDecode.c has a buffer overflow error. There is a memcpy error where x is added to a target buffer address. X is used in several internal temporary variable roles, but can take a value ...

py-pillow -- Buffer overflow in TIFF decoding code

The Pillow maintainers report: Pillow 3.1.0 and earlier when linked against libtiff = 4.0.0 on x64 may overflow a buffer when reading a specially crafted tiff file. Specifically, libtiff = 4.0.0 changed the return type of TIFFScanlineSize from int32 to machine dependent int32|64. If the scanline ...

Security update for Java7 (important)

Update OpenJDK to 7u95 / IcedTea 2.6.4 including the following fixes: Security fixes - S8059054, CVE-2016-0402: Better URL processing - S8130710, CVE-2016-0448: Better attributes processing - S8132210: Reinforce JMX collector internals - S8132988: Better printing dialogues - S8133962,...

SUSE-SU-2016:0265-1 Security update for java-1_7_0-openjdk

java-170-openjdk was updated to version 7u95 to fix 9 security issues. bsc962743 - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT...

SUSE-SU-2016:0256-1 Security update for java-1_8_0-openjdk

java-180-openjdk was updated to version 7u95 to fix several security issues. bsc962743 The following vulnerabilities were fixed: - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472:...

Adobe Acrobat and Reader Memory Corruption (APSB16-02: CVE-2016-0936)

A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader decodes CMYK files where a JPEG image has invalid values for the three component chrominance subsampling. A remote attacker can exploit this vulnerability...

Microsoft Silverlight Denial of Service Vulnerability

Microsoft Silverlight is a cross-browser, cross-platform .NET implementation for building media experiences and interactive applications for the Web. Microsoft Silverlight incorrectly handles negative offsets in decoding, which a remote attacker can crash an application or execute arbitrary code ...

CVE-2016-0034

Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service object-header corruption via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability."...

PT-2016-1037 · Microsoft · Silverlight

Name of the Vulnerable Software and Affected Versions: Microsoft Silverlight versions prior to 5.1.41212.0 Description: The issue is related to the mishandling of negative offsets during decoding, which can be exploited by remote attackers to execute arbitrary code or cause a denial of service vi...

FLARE Script Series: Automating Obfuscated String Decoding

Introduction We are expanding our script series beyond IDA Pro. This post extends the FireEye Labs Advanced Reverse Engineering FLARE script series to an invaluable tool for the reverse engineer – the debugger. Just like IDA Pro, debuggers have scripting interfaces. For example, OllyDbg uses an...

CVE-2015-8662

The ffdwtdecode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have...

DEBIAN-CVE-2015-8662

The ffdwtdecode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have...

CVE-2015-8662

The ffdwtdecode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have...

CVE-2015-8662

The ffdwtdecode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have...

Libnsgif 0.1.2 Stack Overflow / Out-Of-Bounds Read Exploit

Libnsgif version 0.1.2 suffers from stack overflow and out-of-bounds read vulnerabilities. Overview ======== Libnsgif1 is a decoding library for GIF images. It is primarily developed and used as part of the NetSurf project. As of version 0.1.2, libnsgif is vulnerable to a stack overflow...

Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash

Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash. CVE-2015-7895. Dos exploit for android platform Source: https://code.google.com/p/google-security-research/issues/detail?id=497 Loading the bitmap bmpmemset.bmp can cause a crash due to a memset writing out of bounds. I/DEBUG 2961: pid:...

Autodesk Design Review PCX Remote Code Execution Vulnerability

Autodesk Design Review is free DWF viewer software. Autodesk Design Review suffers from a security vulnerability in the processing of PCX files due to a scanline decoding failure in an allocated buffer. An attacker could exploit this vulnerability to execute arbitrary code in the context of the...

CVE-2015-3195

The ASN1TFLGCOMBINE implementation in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by...

UBUNTU-CVE-2015-3195

The ASN1TFLGCOMBINE implementation in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by...

VulnCheck KEV: CVE-2016-0034

Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service DoS...