libpng DoS

Resources exhaustion on data decompression in pngdecompresschunk...

ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability

ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-025 March 9, 2010 -- CVE ID: CVE-2010-0263 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Office Excel -- Vulnerability Details: This...

Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the decompression of XLSX files. The XL...

Design/Logic Flaw

The pngdecompresschunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of...

CVE-2010-0205

CVE-2010-0205 concerns libpng’s png_decompress_chunk() in libpng 1.0.x (before 1.0.53), 1.2.x (before 1.2.43), and 1.4.x (before 1.4.1). The vulnerability arises from improper handling of compressed ancillary-chunk data with an excessively large uncompressed representation, enabling a crafted PNG...

png -- libpng decompression denial of service

A vulnerability in libpng can result in denial of service conditions when a remote attacker tricks a victim to open a specially-crafted PNG file. The PNG project describes the problem in an advisory: Because of the efficient compression method used in Portable Network Graphics PNG files, a small...

Debian DSA-1835-1 : tiff - several vulnerabilities

Several vulnerabilities have been discovered in the library for the Tag Image File Format TIFF. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2285 It was discovered that malformed TIFF images can lead to a crash in the decompression code, resultin...

Heap overflow

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org OOo before 3.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted GIF file, related to LZW...

CVE-2009-2950

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org OOo before 3.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted GIF file, related to LZW...

CVE-2009-2950

CVE-2009-2950 is a heap-based buffer overflow in OpenOffice.org’s GIFLZWDecompressor (decode.cxx) that can be triggered by a crafted GIF file, potentially causing an application crash or arbitrary code execution. Affected product: OpenOffice.org prior to 3.2. Connected advisories (Debian, Red Hat...

CVE-2009-2950

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org OOo before 3.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted GIF file, related to LZW...

CVE-2009-2950

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org OOo before 3.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted GIF file, related to LZW...

openoffice.org: GIF file parsing heap overflow

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org OOo before 3.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted GIF file, related to LZW...

data callback excessive length

When downloading data, libcurl hands it over to the application using a callback that is registered by the client software. libcurl then calls that function repeatedly with data until the transfer is complete. The callback is documented to receive a maximum data size of 16K CURLMAXWRITESIZE. Usin...

CURL-CVE-2010-0734 data callback excessive length

When downloading data, libcurl hands it over to the application using a callback that is registered by the client software. libcurl then calls that function repeatedly with data until the transfer is complete. The callback is documented to receive a maximum data size of 16K CURLMAXWRITESIZE. Usin...

[ MDVSA-2010:019 ] gzip

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:019 http://www.mandriva.com/security/ Package : gzip Date : January 20, 2010 Affected: Corporate 4.0 Problem Description: A vulnerability has been found and corrected in gzip: An integer underflow leading to...

gzip integer overflow

Integer overflow on LZW decompression...

DSA-1974-1 gzip - arbitrary code execution

Bulletin has no description...

Mandriva Security Advisory MDVSA-2009:191-1 (OpenEXR)

The remote host is missing an update to OpenEXR announced via advisory MDVSA-2009:191-1. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

Java Web Start Buffer unpack200 processing integer overflow (6830335)

Integer overflow in the unpack200 utility in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to...