Debian DSA-3724-1 : gst-plugins-good0.10 - security update

Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing- exploitation.html This update removes the...

CVE-2016-9634

Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Mitigation This...

CVE-2016-9636

Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Mitigation This...

Apple macOS Sierra Core Image Memory Corruption Vulnerability

Apple macOS Sierra is a specialized operating system developed by Apple for Mac computers, and Core Image is one of the graphical considerations framework. A memory corruption vulnerability exists in Core Image in Apple macOS Sierra versions prior to 10.12.1. A remote attacker can exploit this...

Debian Security Advisory DSA 3724-1 (gst-plugins-good0.10 - security update)

Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html This update removes the insecu...

LibTIFF tif_pixarlog.c Heap Buffer Overflow Vulnerability

LibTIFF is a library for reading and writing the Tagged Image File Format abbreviated as TIFF. A security vulnerability exists in libtiff version 4.0.6 in tifpixarlog.c, which can lead to out-of-bounds write operations in the heap buffer...

LibTIFF 'tif_print.c' Denial of Service Vulnerability

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A denial of service vulnerability exists in LibTIFF 'tifprint.c', which can be exploited by ...

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0179 HDF5 Group libhdf5 H5TCOMPOUND Code Execution Vulnerability November 17, 2016 CVE Number CVE-2016-4333 Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and...

openSUSE Security Update : ImageMagick (openSUSE-2016-1242)

This update for ImageMagick fixes the following issues : - CVE-2016-8684: Mismatch between real filesize and header values bsc1005123 - CVE-2016-8683: Check that filesize is reasonable compared to the header value bsc1005127 - CVE-2016-8682: Stack-buffer read overflow while reading SCT header...

CVE-2016-8332

A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap...

CVE-2016-8332

A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap...

UBUNTU-CVE-2016-8331

An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the applicatio...

CVE-2016-7960

Siemens SIMATIC STEP 7 TIA Portal before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors...

[SECURITY] Fedora 23 Update: python-pillow-3.0.0-6.fc23

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt , devel developme...

[SECURITY] Fedora 24 Update: python-pillow-3.2.0-3.fc24

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt , devel developme...

FreeImage Library XMP Image Handling Code Execution Vulnerability

Summary An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this...

ImageMagick remote execution vulnerability analysis and exploit-vulnerability warning-the black bar safety net

1.1 ImageMagick description 1. ImageMagick description ImageMagick is a set of powerful, stable and open source set of tools and development kits that can be used to read, write and process the more than 8 9 basic format of the picture file, including the popular TIFF, JPEG, GIF, PNG, PDF, and...

DLA-610-1 tiff3 - security update

Bulletin has no description...

CVE-2016-1464

Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375...