1193 matches found

CNVD
added 2015/12/13 12:0 a.m., 1 views

Apple OS X OpenGL Memory Corruption Arbitrary Code Execution Vulnerability (CNVD-2015-08150)

Apple OS X is an operating system developed by Apple Inc. A memory corruption vulnerability exists in the way Apple OS X handles OpenGL. An attacker can construct a specially crafted web page and trick a user into loading it, which can crash the application or execute arbitrary code...

CVSS 6.8, AI score 7.3, EPSS 0.01234
Exploits 0, References 1

Mozilla
added 2015/11/03 12:0 a.m., 59 views

Vulnerabilities found through code inspection — Mozilla

Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included a buffer overflow in the ANGLE graphics library and two issues of missing status checks in SVG rendering and during cryptographic key manipulation. These...

CVSS 7.5, AI score 9.7, EPSS 0.03921
Exploits 0, References 6, Affected Software 3

Tenable Nessus
added 2015/09/23 12:0 a.m., 40 views

FreeBSD : mozilla -- multiple vulnerabilities (2d56c7f4-b354-428f-8f48-38150c607a05)

The Mozilla Project reports: MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3); MFSA 2015-97 Memory leak in mozTCPSocket to servers; MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes; MFSA 2015-99 Site attribute spoofing on Android by pasting URL with...

CVSS 9.3, AI score 8.3, EPSS 0.07974
Exploits 0, References 46

Kaspersky
added 2015/09/22 12:0 a.m., 32 views

KLA11454 Multiple vulnerabilities in SeaMonkey

Multiple vulnerabilities were found in SeaMonkey. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions and spoof user interface. Below is a complete list of vulnerabilities: 1. Multiple memory corruption vulnerabilities...

CVSS 9.3, AI score 10, EPSS 0.07974
Exploits 0, References 3

Mozilla
added 2015/09/22 12:0 a.m., 30 views

Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems — Mozilla

Security researcher Francisco Alonso of the NowSecure Research Team used the Address Sanitizer tool to discover an out-of-bounds read issue during 2D canvas rendering. This was due to an issue in the cairo graphics library when surfaces are created with 32-bit color depth but displayed on a 16-bi...

CVSS 6.4, AI score 5.8, EPSS 0.02006
Exploits 0, References 2, Affected Software 2

FreeBSD
added 2015/09/22 12:0 a.m., 34 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3); MFSA 2015-97 Memory leak in mozTCPSocket to servers; MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes; MFSA 2015-99 Site attribute spoofing on Android by pasting URL with...

CVSS 9.3, AI score 9.6, EPSS 0.07974
Exploits 0, References 19

Debian
added 2015/09/03 10:10 p.m., 39 views

[SECURITY] [DSA 3351-1] chromium-browser security update

Debian Security Advisory DSA-3351-1 [email protected] https://www.debian.org/security/ Michael Gilbert September 03, 2015 https://www.debian.org/security/faq ...

CVSS 7.5, AI score 6.7, EPSS 0.01872
Exploits 2

OpenVAS
added 2015/09/03 12:0 a.m., 43 views

Debian Security Advisory DSA 3351-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1291: A cross-origin bypass issue was discovered in DOM. CVE-2015-1292: Mariusz Mlynski discovered a cross-origin bypass issue in ServiceWorker. CVE-2015-1293: Mariusz Mlynski discovered a cross-origin bypass issue in...

CVSS 7.5, AI score 0.4, EPSS 0.01872
Exploits 2, References 1

NVD
added 2015/08/15 12:59 a.m., 13 views

CVE-2015-2431

Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library OGL font, aka "Microsoft Office Graphics Component Remote Code Execution...

CVSS 9.3, AI score 7.8, EPSS 0.64741
Exploits 0, References 3

Prion
added 2015/08/15 12:59 a.m., 15 views

Remote code execution

Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library OGL font, aka "Microsoft Office Graphics Component Remote Code Execution...

CVSS 9.3, AI score 8.5, EPSS 0.64741
Exploits 0, References 3, Affected Software 4

Cvelist
added 2015/08/15 12:0 a.m., 19 views

CVE-2015-2431

Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library OGL font, aka "Microsoft Office Graphics Component Remote Code Execution...

AI score 7.7, EPSS 0.64741
Exploits 0, References 3

CNVD
added 2015/08/13 12:0 a.m., 2 views

GNOME Clutter Local Security Bypass Vulnerability

GNOME Clutter is an open source graphics and GUI library with a collection of C APIs, developed by the GNOME project team, that uses OpenGL for graphics rendering and is cross-platform and multi-language. A local security bypass vulnerability exists in GNOME Clutter. An attacker can exploit this...

CVSS 7.2, AI score 6.6, EPSS 0.00079
Exploits 1, References 1

Tenable Nessus
added 2015/08/12 12:0 a.m., 335 views

MS15-080 : Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)

The remote Windows host is affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist due to the Windows Adobe Type Manager Library not properly handling specially crafted OpenType fonts. An attacker can exploit these, by using a crafted document or web page wit...

CVSS 9.3, AI score 8.9, EPSS 0.64741
Exploits 27, References 17

RedHat Linux
added 2015/06/25 8:43 a.m., 4 views

php: missing null byte checks for paths in DOM and GD extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVSS 7.5, AI score 7.2, EPSS 0.00675
Exploits 0, References 4

Debian
added 2015/04/08 5:24 p.m., 42 views

[SECURITY] [DLA 189-1] libgd2 security update

Package: libgd2; Version: 2.0.36rc1dfsg-5+deb6u1; CVE ID: CVE-2014-2497 CVE-2014-9709; Debian Bug: 744719. Multiple vulnerabilities were discovered in libgd2, a graphics library: CVE-2014-2497: The gdImageCreateFromXpm function would try to dereference a NULL pointer when reading an XPM file with ...

CVSS 5, AI score 8.4, EPSS 0.12088
Exploits 4

securityvulns
added 2015/04/07 12:0 a.m., 88 views

[SECURITY] [DSA 3215-1] libgd2 security update

Debian Security Advisory DSA-3215-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini April 06, 2015 http://www.debian.org/security/faq ...

CVSS 5, AI score 2, EPSS 0.12088
Exploits 4

Debian
added 2015/04/06 6:33 p.m., 31 views

[SECURITY] [DSA 3215-1] libgd2 security update

Debian Security Advisory DSA-3215-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini April 06, 2015 http://www.debian.org/security/faq ...

CVSS 5, AI score 2.7, EPSS 0.12088
Exploits 4

OpenVAS
added 2015/04/06 12:0 a.m., 30 views

Debian Security Advisory DSA 3215-1 (libgd2 - security update)

Multiple vulnerabilities were discovered in libgd2, a graphics library: CVE-2014-2497: The gdImageCreateFromXpm function would try to dereference a NULL pointer when reading an XPM file with a special color table. This could allow remote attackers to cause a denial of service crash via crafted XPM...

CVSS 5, AI score 8.3, EPSS 0.12088
Exploits 4, References 1

CNVD
added 2015/03/31 12:0 a.m., 1 views

PHP GD GetCode_Denial of Service Vulnerability

PHP is a popular programming language. The GetCode function in gdgifin.c in PHP GD fails to properly handle GIF images, allowing remote attackers to construct malicious files that, when parsed by the user, can be used in denial of service or arbitrary code...

CVSS 5, AI score 8, EPSS 0.12088
Exploits 1, References 1

OSV
added 2015/03/30 12:0 a.m., 3 views

UBUNTU-CVE-2014-9709

The GetCode function in gdgifin.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function...

CVSS 5, AI score 6.8, EPSS 0.12088
Exploits 1, References 4