[SECURITY] Fedora 26 Update: libdwarf-20170416-1.fc26

Library to access the DWARF debugging file format which supports source level debugging of a number of procedural languages, such as C, C++, and Fortran. Please see http://www.dwarfstd.org for DWARF specification...

Microsoft Office Word Malicious Hta Execution Exploit

This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how an olelink object can make a https request, and execute hta code in response. This bug was originally seen being exploited in the wild...

CVE-2016-7516

The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service out-of-bounds read via a crafted VIFF file...

ALPINE-CVE-2016-5010

coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service out-of-bounds read via a crafted TIFF file...

CVE-2016-7529

coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service out-of-bounds read via a crafted XCF file...

[SECURITY] Fedora 26 Update: libtiff-4.0.7-5.fc26

The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...

CVE-2017-3036

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of the PCX picture exchange file format. Successful exploitation could lead to arbitrary code executi...

CVE-2017-3052

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of EMF - enhanced meta file format...

Memory corruption

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of the PCX picture exchange file format. Successful exploitation could lead to arbitrary code executi...

CVE-2017-3036

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of the PCX picture exchange file format. Successful exploitation could lead to arbitrary code executi...

UBUNTU-CVE-2016-10272

LibTIFF 4.0.7 allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tifnext.c:64:9...

DEBIAN-CVE-2016-10270

LibTIFF 4.0.7 allows remote attackers to cause a denial of service heap-based buffer over-read or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tifread.c:523:22...

Ichitaro Office Excel File Code Execution Vulnerability

Summary A vulnerability was discovered within the Ichitaro word processor. Ichitaro is published by JustSystems and is considered one of the more popular word processors used within Japan. Ichitaro handles Microsoft Excel’s .xls file format. When processing a record type of 0x3c from a Workbook...

SUSE-SU-2017:0529-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation bsc1017308 - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped bsc1017310 - CVE-2016-10049: Corrupt RLE...

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

[SECURITY] Fedora 25 Update: netpbm-10.77.00-3.fc25

The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm portable bitmaps, .pgm portable graymaps, .pnm portable anymaps, .ppm portable pixmaps and others...

libtiff: TIFFFlushData1 heap-buffer-overflow

tifwrite.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1 that didn't reset the tifrawcc and tifrawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."...

shellcode programming: in memory in the parsing API to address-vulnerability warning-the black bar safety net

For Windows all with position-independent code, PIC core feature is based on a real-time analysis the API function address. It is a very important task. Here I introduce two popular methods, the use of the import address table IAT, and export address table to EAT is by far the most stable method...

ALPINE-CVE-2016-5317

Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack crash via a crafted TIFF file...

[ASA-201701-17] lib32-flashplugin: multiple issues

Arch Linux Security Advisory ASA-201701-17 ========================================== Severity: Critical Date : 2017-01-12 CVE-ID : CVE-2017-2925 CVE-2017-2926 CVE-2017-2927 CVE-2017-2928 CVE-2017-2930 CVE-2017-2931 CVE-2017-2932 CVE-2017-2933 CVE-2017-2934 CVE-2017-2935 CVE-2017-2936 CVE-2017-29...