3252 matches found

Tenable Nessus
added 2010/06/09 12:0 a.m., 61 views

MS10-033: Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)

The remote Windows host has multiple unspecified code execution vulnerabilities related to media decompression. A remote attacker could exploit this by tricking a user into opening a specially crafted media file, resulting in arbitrary code execution. (C) Tenable Network Security, Inc...

CVSS: 9.3, AI score: 6, EPSS: 0.21221
Exploits: 1, References: 3

OpenVAS
added 2010/06/09 12:0 a.m., 37 views

Microsoft Media Decompression Remote Code Execution Vulnerability (979902)

This host is missing a critical security update according to Microsoft Bulletin MS10-033. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS: 9.3, AI score: 5, EPSS: 0.21221
Exploits: 1, References: 4

NVD
added 2010/06/08 10:30 p.m., 24 views

CVE-2010-1880

Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."...

CVSS: 9.3, AI score: 7.4, EPSS: 0.21221
Exploits: 1, References: 4

NVD
added 2010/06/08 10:30 p.m., 23 views

CVE-2010-1879

Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability."...

CVSS: 9.3, AI score: 7.5, EPSS: 0.20284
Exploits: 1, References: 3

Prion
added 2010/06/08 10:30 p.m., 13 views

Design/Logic Flaw

Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."...

CVSS: 9.3, AI score: 8, EPSS: 0.21221
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2010/06/08 10:0 p.m., 27 views

CVE-2010-1879

Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability."...

AI score: 7.4, EPSS: 0.20284
Exploits: 1, References: 3

CVE
added 2010/06/08 10:0 p.m., 77 views

CVE-2010-1879

CVE-2010-1879 corresponds to a remote code execution vulnerability in Microsoft DirectShow/Media Decompression. The issue affects Quartz.dll (DirectShow), Windows Media Format Runtime versions 9, 9.5, 11, Media Encoder 9, and Asycfilt.dll, where specially crafted media data (notably MJPEG in AVI ...

CVSS: 9.3, AI score: 7.5, EPSS: 0.20284
Exploits: 1, References: 3, Affected Software: 1

securityvulns
added 2010/06/08 12:0 a.m., 56 views

Microsoft Security Bulletin MS10-033 - Critical Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)

Microsoft Security Bulletin MS10-033 - Critical. Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902). Published: June 08, 2010. Version: 1.0. General Information. Executive Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows...

CVSS: 9.3, AI score: 2.7, EPSS: 0.21221
Exploits: 1

Tenable Nessus
added 2010/04/21 12:0 a.m., 19 views

FreeBSD : png -- libpng decompression denial of service (4fb5d2cd-4c77-11df-83fb-0015587e2cc1)

A vulnerability in libpng can result in denial of service conditions when a remote attacker tricks a victim to open a specially crafted PNG file. The PNG project describes the problem in an advisory: Because of the efficient compression method used in Portable Network Graphics (PNG) files, a small...

CVSS: 4.3, AI score: 8.2, EPSS: 0.04208
Exploits: 0, References: 4

Check Point Advisories
added 2010/03/31 12:0 a.m., 3 views

GNU gzip LZH Decompression make_table Stack Modification (CVE-2006-4335)

GNU gzip is a popular compression and decompression utility that ships with all standard Linux distributions, as well as commercial Unix-based operating systems. The utility can create and decompress files which are stored using the DEFLATE algorithm. In addition to the algorithm used in the...

CVSS: 7.5, AI score: 7.1, EPSS: 0.05478
Exploits: 1

NVD
added 2010/03/30 6:30 p.m., 21 views

CVE-2010-0526

Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not properly handled during...

CVSS: 4.3, AI score: 7.8, EPSS: 0.04751
Exploits: 0, References: 8

Prion
added 2010/03/30 6:30 p.m., 17 views

Heap overflow

Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTAFLI chunks and untrusted length values in a .fli file,...

CVSS: 6.8, AI score: 8.5, EPSS: 0.18573
Exploits: 5, References: 6, Affected Software: 2

Cvelist
added 2010/03/30 6:0 p.m., 30 views

CVE-2010-0520

Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTAFLI chunks and untrusted length values in a .fli file,...

AI score: 9.5, EPSS: 0.18573
Exploits: 5, References: 6

RedHat Linux
added 2010/03/30 5:19 p.m., 4 views

curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback

contentencoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified othe...

CVSS: 6.8, AI score: 7.3, EPSS: 0.04372
Exploits: 0, References: 4

RedHat Linux
added 2010/03/29 12:0 p.m., 24 views

curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback

contentencoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified othe...

CVSS: 6.8, AI score: 7.3, EPSS: 0.04372
Exploits: 0, References: 4

ThreatPost
added 2010/03/23 2:28 p.m., 12 views

Mozilla Fast-Tracks Fix For Critical Firefox Flaw

Mozilla has fast-tracked a patch for a critical vulnerability affecting its flagship Firefox browser. The patch, which was originally slated for release on March 30, fixes a vulnerability that could allow remote code execution attacks. The flaw was originally released into the VulnDisco exploit...

AI score: 1
Exploits: 0, References: 3

ThreatPost
added 2010/03/23 1:55 p.m., 13 views

Firefox 3.6.2 Fixes Decompression Bug

Days before the start of Pwn2Own, Mozilla has patched its flagship Firefox browser. The Firefox 3.6.2 update fixes a critical bug in a font decompression routine that could be exploited to “crash a victim’s browser and execute arbitrary code on his/her system,” Mozilla said in a security advisory...

AI score: 2
Exploits: 0, References: 2

securityvulns
added 2010/03/23 12:0 a.m., 50 views

libcurl / cURL DoS

Resources exhaustion on gzip decompression...

CVSS: 6.8, AI score: 1.7, EPSS: 0.04372
Exploits: 0, References: 1, Affected Software: 2

Mozilla
added 2010/03/22 12:0 a.m., 32 views

WOFF heap corruption due to integer overflow — Mozilla

Security researcher Evgeny Legerov of Intevydis reported that the WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim...

CVSS: 9.3, AI score: 3.4, EPSS: 0.09155
Exploits: 2, References: 2, Affected Software: 1

OSV
added 2010/03/19 7:30 p.m., 0 views

DEBIAN-CVE-2010-0734

contentencoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified othe...

CVSS: 6.8, AI score: 7.7, EPSS: 0.04372
Exploits: 0, References: 1