CLSA-2024-1731337736 bzip2: Fix of CVE-2019-12900

CVE-2019-12900: accept as many selectors as the file format allows but ignore any larger than the theoretical maximum, BZMAXSELECTORS...

RLSA-2024:8833 Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: NULL pointer dereference in tifdirinfo.c CVE-2024-7006 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.

...

Security update for libgsf

This update for libgsf fixes the following issues: CVE-2016-9888: Fixed null pointer dereference with corrupted tar files bsc1014609 CVE-2024-36474: Fixed out-of-bounds index when processing a directory via an integer overflow in the compound document binary file format parser bsc1231282...

ROS-20241029-06

A vulnerability in the ImageOverlay::parse function of the libheif file format decoder and encoder is related to insufficient checking when decoding a HEIF file containing an overlaid image with spurious offsets. Exploitation of the vulnerability could allow an attacker acting remotely to gain...

[SECURITY] Fedora 40 Update: libtiff-4.6.0-5.fc40.1

The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...

libheif 安全漏洞

libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder from struktur open source. A security vulnerability exists in libheif version 1.17.6, which stems from insufficient checks when decoding HEIF files containing forged offsets, which could lead to out-of-bounds reads and write...

USN-7014-3 nginx vulnerability

USN-7014-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: It was discovered that the nginx ngxhttpmp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote...

PT-2024-31654 · Siemens · Tecnomatix Plant Simulation +1

Name of the Vulnerable Software and Affected Versions: Teamcenter Visualization versions prior to V14.2.0.14 Teamcenter Visualization versions prior to V14.3.0.12 Teamcenter Visualization versions prior to V2312.0008 Tecnomatix Plant Simulation versions prior to V2302.0016 Tecnomatix Plant...

PT-2024-9832 · Siemens · Tecnomatix Plant Simulation +1

Name of the Vulnerable Software and Affected Versions: Teamcenter Visualization versions prior to V14.2.0.14 Teamcenter Visualization versions prior to V14.3.0.12 Teamcenter Visualization versions prior to V2312.0008 Tecnomatix Plant Simulation versions prior to V2302.0016 Tecnomatix Plant...

SUSE CVE-2024-36474

An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-boun...

CVE-2024-42415

An integer overflow vulnerability was found in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf. A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table...

AZL-50064 CVE-2024-36474 affecting package libgsf 1.14.47-2

An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-boun...

UBUNTU-CVE-2024-42415

An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library libgsf. A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector...

CVE-2024-42415

An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library libgsf. A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector...

CVE-2024-42415

An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library libgsf. A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector...

CVE-2024-36474

Summary: CVE-2024-36474 affects the GNOME libgsf library (G Structured File Library), specifically the Compound Document Binary File format parser in version 1.14.52. A crafted file can trigger an integer overflow while processing the directory, allowing an out-of-bounds access and potentially ar...

CVE-2024-36474

An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-boun...

GNOME Project G Structured File Library (libgsf) Compound Document Binary File Sector Allocation Table integer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2069 GNOME Project G Structured File Library libgsf Compound Document Binary File Sector Allocation Table integer overflow vulnerability October 3, 2024 CVE Number CVE-2024-42415 SUMMARY An integer overflow vulnerability exists in the Compound Document Binary...

GNOME Project G Structured File Library (libgsf) Compound Document Binary File Directory integer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2068 GNOME Project G Structured File Library libgsf Compound Document Binary File Directory integer overflow vulnerability October 3, 2024 CVE Number CVE-2024-36474 SUMMARY An integer overflow vulnerability exists in the Compound Document Binary File format...