3253 matches found

Tenable Nessus
added 2012/08/01 12:0 a.m. | 45 views

Scientific Linux Security Update : bzip2 on SL3.x, SL4.x, SL5.x i386/x86_64

An integer overflow flaw was discovered in the bzip2 decompression routine. This issue could, when decompressing malformed archives, cause bzip2, or an application linked against the libbz2 library, to crash or, potentially, execute arbitrary code. (CVE-2010-0405) All running applications using the...

5.1 CVSS | 6.1 AI score | 0.03297 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2012/08/01 12:0 a.m. | 16 views

Scientific Linux Security Update : cups on SL6.x i386/x86_64

The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF ima...

5.1 CVSS | 7.9 AI score | 0.12709 EPSS
Exploits 0 | References 2

OpenVAS
added 2012/07/24 12:0 a.m. | 29 views

XnView Multiple Image Decompression Heap Overflow Vulnerabilities (Windows)

This host has XnView installed and is prone to multiple heap based buffer overflow vulnerabilities. Vulnerabilities Insight: - Insufficient validation when decompressing SGI32LogLum compressed TIFF images. - Insufficient validation when decompressing SGI32LogLum compressed TIFF images where the...

6.8 CVSS | 0.9 AI score | 0.08319 EPSS
Exploits 2 | References 8

Tenable Nessus
added 2012/07/18 12:0 a.m. | 24 views

IrfanView DjVu Plugin DjVu Image File Decompression Overflow

The version of the IrfanView DjVu plugin DjVu.dll was found to be less than 4.34. As such, it is reportedly affected by a heap-based buffer overflow vulnerability that can be triggered by tricking users into opening a .djvu file with a specially crafted DjVu image that is not properly handled...

5.9 AI score
Exploits 0 | References 2

exploitpack
added 2012/06/01 12:0 a.m. | 23 views

IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow

IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow Application: IrfanView 4.33 Format PlugIn ECW Decompression Heap Overflow Platform: Windows Exploitation: Remote code execution Secunia Number: SA49204 PRL: 2012-10 Author: Francis Provencher Protek Research Lab's Website:...

0.4 AI score
Exploits 0

Exploit DB
added 2012/06/01 12:0 a.m. | 31 views

IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow

Application: IrfanView 4.33 Format PlugIn ECW Decompression Heap Overflow Platform: Windows Exploitation: Remote code execution Secunia Number: SA49204 PRL: 2012-10 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction...

7.4 AI score
Exploits 0

NVD
added 2012/04/18 10:33 a.m. | 23 views

CVE-2012-0278

Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression...

9.3 CVSS | 8 AI score | 0.10174 EPSS
Exploits 1 | References 3

Prion
added 2012/04/18 10:33 a.m. | 14 views

Heap overflow

Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression...

9.3 CVSS | 8.7 AI score | 0.10174 EPSS
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2012/04/18 10:0 a.m. | 28 views

CVE-2012-0278

Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression...

8 AI score | 0.10174 EPSS
Exploits 1 | References 3

exploitpack
added 2012/04/14 12:0 a.m. | 21 views

IrfanView FlashPix PlugIn - Decompression Heap Overflow

IrfanView FlashPix PlugIn - Decompression Heap Overflow Application: IrfanView FlashPix PlugIn Decompression Heap Overflow Platforms: Windows Secunia Number: SA48772 PRL: 2012-08 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1...

0.8 AI score
Exploits 0

Oracle linux
added 2012/03/01 12:0 a.m. | 37 views

busybox security and bug fix update

1:1.2.0-13 - Resolves: 768083 'busybox various flaws' including: 'buffer underflow in decompression' 'udhcpc insufficient checking of DHCP options' 1:1.2.0-12 - Resolves: 756723 'Kdump fails after findfs subcommand of busybox fails' 1:1.2.0-11 - Resolves: 689659 ''busybox cp' does not return a...

7.5 CVSS | 2.2 AI score | 0.05422 EPSS
Exploits 2

OpenVAS
added 2012/02/21 12:0 a.m. | 16 views

RedHat Update for cups RHSA-2012:0302-03

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5.1 CVSS | 7.8 AI score | 0.12709 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2012/02/20 12:0 a.m. | 29 views

Ubuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerability (USN-1367-4)

USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Xulrunner. Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a...

6.8 CVSS | 7.8 AI score | 0.73164 EPSS
Exploits 1 | References 2

RedHat Linux
added 2012/02/16 6:51 p.m. | 2 views

libpng: Heap buffer overflow in png_decompress_chunk (MFSA 2012-11)

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation...

6.8 CVSS | 7.4 AI score | 0.73164 EPSS
Exploits 1 | References 5

seebug.org
added 2012/01/04 12:0 a.m. | 20 views

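WinMount "WMDrive.sys" Driver IOCTL Handling Local Denial of Service Vulnerability

BUGTRAQ ID: 51034 CVE ID: CVE-2011-5032 WinMount is a free Windows utility that can compress, decompress, browse archives, and mount DVD, CD, and virtual machine hard disk images. The WinMount WMDrive.sys driver has a local denial of service vulnerability in its implementation of IOCTL handling; a local attacker can exploit this vulnerability to crash the system, resulting in a denial of service. 0 WinMount 3.5.1018 Vendor patch: WinMount -------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.winmount.com/...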

4.9 CVSS | 6.4 AI score | 0.00382 EPSS
Exploits 1

RedHat Linux
added 2011/12/19 5:47 p.m. | 2 views

BSD compress LZW decoder buffer overflow

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products,...

9.3 CVSS | 7.6 AI score | 0.12709 EPSS
Exploits 0 | References 4

Zero Day Initiative
added 2011/10/27 12:0 a.m. | 54 views

Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktim...

9 CVSS | 3.3 AI score | 0.05134 EPSS
Exploits 0 | References 1

OpenVAS
added 2011/10/16 12:0 a.m. | 26 views

FreeBSD Security Advisory (FreeBSD-SA-11:04.compress.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-11:04.compress.asc ADV FreeBSD-SA-11:04.compress.asc OpenVAS Vulnerability Test $ Description: Auto generated from ADV FreeBSD-SA-11:04.compress.asc Authors: Thomas Reinke Copyright: Copyright c...

9.3 CVSS | 0.3 AI score | 0.08355 EPSS
Exploits 0

FreeBSD
added 2011/09/28 12:0 a.m. | 38 views

FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1)

Problem Description: The code used to decompress a file created by compress(1) does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted fi...

9.3 CVSS | 7.8 AI score | 0.08355 EPSS
Exploits 0

OSV
added 2011/08/19 8:55 p.m. | 3 views

DEBIAN-CVE-2011-3262

tools/libxc/xcdombzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."...

2.1 CVSS | 6.2 AI score | 0.00334 EPSS
Exploits 0 | References 1