Ghisler Total Commander FileInfo plugin Denial of Service Vulnerability

Ghisler Total Commander formerly Windows Commander is a suite of disk file management software from the Swiss company Ghisler that replaces Explorer.File Info is one of the file information plug-ins. A security vulnerability exists in the Ghisler Total Commander File Info plug-in. A remote attack...

Apple iOS .tiff File Handling Memory Corruption Vulnerability

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. Apple iOS suffers from a security vulnerability in the handling of .tiff files that allows an attacker to construct malicious .tiff files and trick apps into parsing them, which can crash the app or execu...

php: Free called on unitialized pointer in exif.c

An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exifreaddata function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application...

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

Microsoft Excel Malformed Chart Sheet Substream Memory Corruption (MS10-038) - Ver2 (CVE-2010-0823)

Microsoft Excel is a spreadsheet application released by the Microsoft Corporation. Its native file format is the Binary Interchange File Format BIFF, which is available is several versions. An Excel file contains information about the various spreadsheets that form an Excel workbook, the data an...

Microsoft Windows GDI+ BMP File Parsing Integer Overflow (MS08-052) - Ver2 (CVE-2008-3015)

Bitmap BMP is an image file format used to store bitmap digital images. A remote code execution vulnerability has been discovered in the way GDI+ handles integer calculations for BMP files. The vulnerability is due to a buffer overflow when GDI+ fails to properly processes a malformed header in a...

Microsoft Excel File Format Code Execution (MS12-030) - Ver2 (CVE-2012-0141)

A remote code execution vulnerability has been reported in Microsoft Excel. The vulnerability is due to an error in the way Microsoft Excel handles memory when opening specially crafted Excel files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted Exc...

Microsoft Graphics Filters TIFF Image Converter Buffer Overflow (MS10-105) - Ver2 (CVE-2010-3950)

Tagged Image File Format TIFF is a container format for storing images, including photographs and line art. A buffer overflow vulnerability has been discovered in the way that Microsoft Office parses specially crafted TIFF image files. The vulnerability is due to an error in Microsoft Office TIFF...

DLA-221-1 tiff - security update

Bulletin has no description...

MS15-054: Vulnerability in Microsoft Management Console File Format Could Allow Denial of Service (3051768)

The remote Windows host is affected by a flaw due to a failure to properly validate a destination buffer when retrieving icon information from a specially crafted Microsoft Management Console .msc file. An unauthenticated, remote attacker, by tricking a victim into opening a malicious .msc file,...

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

RedHat Update for flac RHSA-2015:0767-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for flac CESA-2015:0767 centos7

Check the version of flac SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882152";...

Microsoft Windows AVI Processing Malformed Header Code Execution (MS09-038) - Ver2 (CVE-2009-1545)

Audio Video Interleave AVI is a special case of Resource Interchange File Format RIFF. This file type used with applications that capture, edit, and play back audio-video sequences. A remote code execution vulnerability has been discovered in the way Microsoft Windows handles specially crafted AV...

jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012)

A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code...

ecryptfs-utils: hard-coded passphrase salt

eCryptfs uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack. By default, the wrapping key is hashed with the default fixed salt 0x0011223344556677. This update introduces the version 2 wrapped-passphrase file...

arCHMage Directory Traversal Vulnerability

arCHMage is the software developer Basil Shubin is responsible for maintaining a CHM Help File Format format file reader and decompiler. A directory traversal vulnerability exists in arCHMage version 0.2.4. A remote attacker can write an arbitrary file via the directory traversal character '...' ...

Hero big eye processing of the TGA File format buffer overflow vulnerability, the EIP can be controlled-the vulnerability warning-the black bar safety net

Brief description: Software description: http://baike.baidu.com/view/222352.html Download: http://www.onlinedown.net/soft/2704.htm http://dl.pconline.com.cn/html2/1/114/id=1879&pn=0.html In the processing of the TGA File format when there is a buffer overflow vulnerability, the eip can be...

[SECURITY] Fedora 21 Update: sox-14.4.1-7.fc21

SoX Sound eXchange is a sound file format converter SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects...

Javascript Injection For Eval-Based Unpackers

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/jsobfu' class Metasploit3 'Javascript Injection for Eval-based Unpackers', 'Description' = %q This module generates a...