3256 matches found
Iceni Argus PDF Inflate+LZW Decompression Heap-Based Buffer Overflow Vulnerability (CVE-2016-8387)
Summary: An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded with multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to...
unrar directory traversal vulnerability
unrar, also known as unrar-free or unrar-gpl, is decompression software used on Linux. A directory traversal vulnerability exists in unrar version 0.0.1. An attacker can exploit this vulnerability to decompress RAR v2 archives into an upper level directory...
CVE-2017-11235
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code...
graphite2: heap-buffer-overflow write "lz4::decompress" (CVE-2017-7772)
A heap-based buffer overflow flaw related to "lz4::decompress" has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code...
graphite2: heap-buffer-overflow write "lz4::decompress" (src/Decompressor)
A heap-based buffer overflow flaw related to "lz4::decompress" src/Decompressor has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code...
UBUNTU-CVE-2017-7773
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor...
UBUNTU-CVE-2017-7772
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function...
CVE-2016-5004
The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes...
DEBIAN-CVE-2017-8845
The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive...
UBUNTU-CVE-2017-8845
The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive...
PT-2017-18575 · Conan +1 · Lrzip +1
Name of the Vulnerable Software and Affected Versions: LZO version 2.08; lrzip version 0.631. Description: The issue allows remote attackers to cause a denial of service, resulting in an invalid memory read and application crash, via a crafted archive. This is due to a problem in the lzo1x decompre...
Symantec Messaging Gateway < 10.6.2 RAR File Parser DoS Vulnerabilities
Symantec Messaging Gateway is prone to denial of service (DoS) vulnerabilities...
Out-of-bounds
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac;...
Memory corruption
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac;...
CVE-2016-5310
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac;...
NTP Privilege Escalation
Source: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ Introduction Problem description: The cronjob script bundled with ntp package is intended to perform cleanup on statistics files produced by NTP daemon running with statistics enabled. The script is run as ro...
Out-of-bounds
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer...