FreeBSD Security Advisory (FreeBSD-SA-11:04.compress.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-11:04.compress.asc ADV FreeBSD-SA-11:04.compress.asc OpenVAS Vulnerability Test $ Description: Auto generated from ADV FreeBSD-SA-11:04.compress.asc Authors: Thomas Reinke Copyright: Copyright c...

FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1)

Problem Description: The code used to decompress a file created by compress1 does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted fi...

DEBIAN-CVE-2011-3262

tools/libxc/xcdombzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service management software infinite loop and management domain resource consumption via unspecified vectors related to "Lack of error checking in the decompression loop."...

CVE-2011-3262

tools/libxc/xcdombzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service management software infinite loop and management domain resource consumption via unspecified vectors related to "Lack of error checking in the decompression loop."...

CVE-2011-3262

tools/libxc/xcdombzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service management software infinite loop and management domain resource consumption via unspecified vectors related to "Lack of error checking in the decompression loop."...

UBUNTU-CVE-2011-2896

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gifreadlzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte functio...

Integer overflow

Multiple integer overflows in tools/libxc/xcdombzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers 1 a buffer overflow during a decompression loop or 2 an...

CVE-2011-1583

Multiple integer overflows in tools/libxc/xcdombzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers 1 a buffer overflow during a decompression loop or 2 an...

BSD compress LZW decoder buffer overflow

The LZW decompressor in 1 the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and 2 compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products,...

libXfont security update

1.4.1-2 - cve-2011-2895.patch: LZW decompression heap corruption...

CVE-2011-2895

The LZW decompressor in 1 the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and 2 compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products,...

libXfont -- possible local privilege escalation

Tomas Hoger reports: The compress/ LZW decompress implentation does not correctly handle compressed streams that contain code words that were not yet added to the decompression table. This may lead to arbitrary memory corruption. Successfull exploitation may possible lead to a local privilege...

Ubuntu Update for curl USN-1158-1

Ubuntu Update for Linux kernel vulnerabilities USN-1158-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11581.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for curl USN-1158-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...

ZDI-11-206: Adobe Shockwave GIF Decompression Remote Code Execution Vulnerability

ZDI-11-206: Adobe Shockwave GIF Decompression Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-206 June 14, 2011 -- CVE ID: CVE-2011-2111 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...

Fedora 15 : xen-4.1.0-2.fc15 (2011-6859)

Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest. CVE-2011-1583 Don't require /usr/bin/qemu-nbd as it isn't used at present. Note that Tenable...

xen: insufficiencies in pv kernel image validation

tools/libxc/xcdombzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service management software infinite loop and management domain resource consumption via unspecified vectors related to "Lack of error checking in the decompression loop."...

paravirtualised kernel image validation

ISSUE DESCRIPTION 1. Problems ----------- The functions which interpret the kernel image supplied for a paravirtualised guest, and decompress it into memory when booting the domain, are incautious. Specifically: i Integer overflow in the decompression loop memory allocator might result in...

Microsoft HTML Help 6.1 - Local Stack Overflow

Source: http://aluigi.org/adv/chm1-adv.txt Luigi Auriemma Application: Microsoft HTML Help http://www.microsoft.com Versions: = 6.1 Platforms: Windows any version included the latest Windows 7 Bug: stack overflow Date: 12 Apr 2011 found 20 Feb 2011 Author: Luigi Auriemma e-mail:...

acroread: critical APSB11-03

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D U3D file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590,...

ZDI-11-067: Adobe Acrobat Reader U3D Texture rgba RLE Decompression Remote Code Execution Vulnerability

ZDI-11-067: Adobe Acrobat Reader U3D Texture rgba RLE Decompression Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-067 February 8, 2011 -- CVE ID: CVE-2011-0591 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Adobe -- Affected Products: Adobe...