4652 matches found

OpenVAS
added 2008/01/17 12:0 a.m., 29 views

Debian Security Advisory DSA 591-1 (libgd2)

The remote host is missing an update to libgd2 announced via advisory DSA 591-1. OpenVAS Vulnerability Test $Id: deb5911.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 591-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...

CVSS 10, AI score 1.3, EPSS 0.21209
Exploits 0
OpenVAS
added 2008/01/17 12:0 a.m., 10 views

Debian: Security Advisory (DSA-986-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.7, EPSS 0.03721
Exploits 0, References 3
OpenVAS
added 2008/01/17 12:0 a.m., 22 views

Debian Security Advisory DSA 985-1 (libtasn1-2)

The remote host is missing an update to libtasn1-2 announced via advisory DSA 985-1. Evgeny Legerov discovered several out-of-bounds memory accesses in the DER decoding component of the Tiny ASN.1 Library that allow attackers to crash the DER decoder and possibly execute arbitrary code...

CVSS 7.5, AI score 0.7, EPSS 0.03721
Exploits 0
NVD
added 2008/01/16 3:0 a.m., 13 views

CVE-2008-0036

Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding...

CVSS 6.8, AI score 7.4, EPSS 0.13708
Exploits 0, References 11
Prion
added 2008/01/16 3:0 a.m., 13 views

Buffer overflow

Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding...

CVSS 6.8, AI score 8, EPSS 0.13708
Exploits 0, References 11, Affected Software 1
Debian
added 2008/01/13 4:57 p.m., 23 views

[SECURITY] [DSA 1461-1] New libxml2 packages fix denial of service

------------------------------------------------------------------------ Debian Security Advisory DSA-1461-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 13, 2008 http://www.debian.org/security/faq -...

CVSS 5, AI score 6.1, EPSS 0.05097
Exploits 1
Oracle linux
added 2008/01/11 12:0 a.m., 29 views

Important: libxml2 security update

2.5.10-8.0.1 - Add patch libxml2-enterprise.patch, and other logo changes in tarball 2.5.10-8 - Patch to fix UTF-8 decoding problem CVE-2007-6284 - Resolves: rhbz425930...

CVSS 5, AI score 1.6, EPSS 0.05097
Exploits 1
Tenable Nessus
added 2007/12/13 12:0 a.m., 16 views

Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libcairo regression (USN-550-3)

USN-550-1 fixed vulnerabilities in Cairo. A bug in font glyph rendering was uncovered as a result of the new memory allocation routines. In certain situations, fonts containing characters with no width or height would not render any more. This update fixes the problem. We apologize for the...

AI score 5.7
Exploits 0, References 1
Prion
added 2007/11/01 5:46 p.m., 7 views

Design/Logic Flaw

Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection...

CVSS 7.1, AI score 7.3, EPSS 0.04108
Exploits 0, References 5, Affected Software 1
Cvelist
added 2007/11/01 5:0 p.m., 14 views

CVE-2007-5793

Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection...

AI score 6.7, EPSS 0.04108
Exploits 0, References 5
NVD
added 2007/10/18 12:17 a.m., 14 views

CVE-2007-5493

The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded...

CVSS 4.3, AI score 6.5, EPSS 0.25621
Exploits 1, References 6
Prion
added 2007/10/18 12:17 a.m., 12 views

Design/Logic Flaw

The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded...

CVSS 4.3, AI score 6.9, EPSS 0.25621
Exploits 1, References 6, Affected Software 1
Cvelist
added 2007/10/18 12:0 a.m., 23 views

CVE-2007-5493

The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded...

AI score 6.5, EPSS 0.25621
Exploits 1, References 6
Oracle linux
added 2007/10/08 12:0 a.m., 40 views

Moderate: kdelibs security update

3.5.4-13.el5.0.1 - Remove Version branding - Maximum rpm trademark logos removed pics/crystalsvg/-mime-rpm 3.5.4-13.el5 - Resolves: 293571 CVE-2007-0537 Konqueror improper HTML comment rendering CVE-2007-1564 FTP protocol PASV design flaw affects konqueror 3.5.4-12.el5 - resolves: 293421,...

CVSS 6.8, AI score 2.3, EPSS 0.14576
Exploits 1
RedHat Linux
added 2007/09/13 4:15 p.m., 1 views

QT off by one buffer overflow

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service crash via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but...

CVSS 7.5, AI score 6.1, EPSS 0.0369
Exploits 0, References 4
Check Point Advisories
added 2007/08/29 12:0 a.m., 2 views

IPS-1 Protection Update for WWW2 (Version 27)

Microsoft IIS decodes Unicode character sets in a variety of ways. There is an uncommon way of creating Unicode characters in HTTP, which IIS but no other known web servers decode. It is in the form of percent-u-hexchar-hexchar-hexchar-hexchar. The IPS-1 WWW2 protocol subsystem has been updated t...

CVSS 7.8, AI score 6.3, EPSS 0.09684
Exploits 1
Gentoo Linux
added 2007/08/19 12:0 a.m., 32 views

Apache mod_jk: Directory traversal

Background Apache mod_jk is a connector for the Tomcat web server. Description Apache mod_jk decodes the URL within Apache before passing them to Tomcat, which decodes them a second time. Impact A remote attacker could browse a specially crafted URL on an Apache server running mod_jk, possibly gaini...

CVSS 5, AI score 6.4, EPSS 0.24507
Exploits 2
securityvulns
added 2007/06/12 12:0 a.m., 37 views

Re: GDI+ and Internet Explorer question

IE has its own image decoders for many image types jpeg, ico, etc. You can trigger this bug remotely by renaming your .ico to .emf or .wmf, which forces it be opened by the Picture and Fax Viewer using GDI+. -HD On Saturday 09 June 2007 06:40, [email protected] wrote: fails to crash my Internet...

AI score 2.6
Exploits 0
Fedora
added 2007/06/06 3:2 a.m., 14 views

[SECURITY] Fedora 7 Update: zvbi-0.2.25-1.fc7

ZVBI provides functions to capture and decode VBI data. The vertical blanking interval (VBI) is an interval in a television signal that temporarily suspends transmission of the signal for the electron gun to move back up to the first line of the television screen to trace the next screen field. T...

AI score 1.5
Exploits 0
securityvulns
added 2007/05/31 12:0 a.m., 19 views

Avira Antivir integer overflow

Integer overflow during .LZH archive parsing leads to buffer overflow. Division by zero on UPX decoding. Infinite loop on TAR parsing...

AI score 6.3
Exploits 0, References 3