JVN#01837169: Installer of WinShot may insecurely load Dynamic Link Libraries

Installer of WinShot contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use ZIP file format WinShot When using WinShot, download the...

JVN#71816327: Installer of JTrim may insecurely load Dynamic Link Libraries

Installer of JTrim contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use ZIP file format JTrim When using JTrim, download the ZIP fi...

Silicon Graphics LibTIFF 'TIFFPrintDirectory' Function Null Pointer Dereference Vulnerability

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A security vulnerability exists in the 'TIFFPrintDirectory' function of the tifprint.c file ...

UBUNTU-CVE-2018-7339

The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service overflow, insufficient memory allocation, and segmentation fault or possibly have unspecified other impact via a crafte...

[SECURITY] Fedora 27 Update: sox-14.4.2.0-16.fc27

SoX Sound eXchange is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects...

Acme CADSee Handles TIFF Files with Denial of Service Vulnerability

Acme CADSee is a specialized viewer for CAD drawing files. Acme CADSee suffers from a memory corruption vulnerability when handling TIFF format files, which can cause an attacker to crash the program by constructing a TIFF format file, and if successfully exploited, can cause arbitrary code...

ImpulseAdventure JPEGsnoop De-Zero Denial of Service Vulnerability

ImpulseAdventure JPEGsnoop is a Windows-based application for decoding JPEG files. The program is used to check and decode the internal information of JPEG, MotionJPEG and PhotoShop files. A numeric error vulnerability exists in the JFIF decoding processing in ImpulseAdventure JPEGsnoop version...

ImageMagick memory leak vulnerability (CNVD-2018-01383)

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A memory leak vulnerability exists in the 'ReadTIFFImage' function in the coders/tiff.c file in ImageMagick version...

CVE-2018-5684

In Libav through 12.2, there is an invalid memcpy call in the ffmovreadstsdentries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service segmentation fault and program failure with a crafted avi file...

Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes)

/ Title: Add map in /etc/hosts file - 79 bytes Date: 2015-03-02 Architecture: armv6l GNU/Linux Website: http://osandamalith.wordpress.com E-Mail: osandacatunseen.is Author: Osanda Malith Jayathissa @OsandaMalith hosts: file format elf32-littlearm Disassembly of section .text: 00008054 : 8054:...

PYSEC-2017-141

Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file...

ImageMagick memory leak vulnerability (CNVD-2018-00100)

ImageMagick is a software for creating, editing, and compositing images that can read, convert, and write images in many formats. A memory leak vulnerability exists in the GetImagePixelCache function in magick/cache.c in ImageMagick version 7.0.7-12 Q16. An attacker can exploit this vulnerability...

Denial of Service Vulnerability in Mango TV Client Handling AVIs

Mango TV is the only Internet video platform under Hunan Radio and Television, exclusively providing HD video live on-demand broadcast of all Hunan TV programs and providing users with all kinds of popular movies, TV dramas, variety shows, animation, music, entertainment and other content. A deni...

Retargetable Machine-Code Decompiler: RetDec

RetDec is a retargetable machine-code decompiler based on LLVM . The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code. Supported architectures 32...

Unspecified Vulnerability in SAP BASIS SAP Note Assistant

SAP BASIS is Germany SAP SAP company engaged in sap system management of a role, mainly responsible for sap system planning, installation, configuration, monitoring, maintenance, tuning, etc. SAP Note Assistant is one of the Note problem-solving aids. Mainly responsible for sap system planning,...

New Android vulnerability allows attackers to modify apps without affecting their signatures(CVE-2017-13156)

A serious vulnerability CVE-2017-13156 in Android allows attackers to modify the code in applications without affecting their signatures. The root of the problem is that a file can be a valid APK file and a valid DEX file at the same time. We have named it the Janus vulnerability, after the Roman...

GNU Binutils Denial of Service Vulnerability (CNVD-2017-36671)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. The binary file descriptor inventory used in GNU Binutils 2.29.1 is vulnerable to a denial of service. A remote attacker could exploit this...

UBUNTU-CVE-2017-17124

The bfdcoffreadstringtable function in coffgen.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service excessive memory consumption, ...

radare2 denial of service vulnerability (CNVD-2017-36084)

radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in the 'storeversioninfognuverneed' function in the libr/bin/format/elf/elf.c file in radare2 version 2.0.1. A remote attacker can exploit this vulnerability to cause a denial of service...

CAJViewer suffers from a memory corruption vulnerability (CNVD-2017-34954)

CAJviewer is a specialized full-text format reader for China Journal Network CJN, which supports CJN's TEB, NH, CAJ, KDH and PDF files. CAJviewer suffers from a memory corruption vulnerability when handling special CAJ files, which can be exploited by attackers to cause a denial of service...