UBUNTU-CVE-2014-9709
The GetCode function in gdgifin.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function...
SUSE-SU-2015:0835-1 Security update for gd
The graphics drawing library gd has been updated to fix one security issue: possible buffer read overflow (CVE-2014-9709). Security Issues: CVE-2014-9709...
openSUSE Security Update : seamonkey (openSUSE-2015-250)
SeaMonkey was updated to 2.33 bnc917597 - MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 Miscellaneous memory safety hazards - MFSA 2015-12/CVE-2015-0833 bmo945192 Invoking Mozilla updater will load locally stored DLL files Windows only - MFSA 2015-13/CVE-2015-0832 bmo1065909 Appended period to hostnam...
Mozilla Firefox < 36.0 Multiple Vulnerabilities
FreeBSD : mozilla -- multiple vulnerabilities (99029172-8253-407d-9d8b-2cfeab9abf81)
The Mozilla Project reports : MFSA-2015-11 Miscellaneous memory safety hazards rv:36.0 / rv:31.5 MFSA-2015-12 Invoking Mozilla updater will load locally stored DLL files MFSA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections MFSA-2015-14 Malicious WebGL content crash when...
Firefox < 36 Multiple Vulnerabilities
The version of Firefox installed on the remote Windows host is prior to 36.0. It is, therefore, affected by the following vulnerabilities : - An issue exists that allows whitelisted Mozilla domains to make 'UITour' API calls while UI Tour pages are present in background tabs. This allows an...
Crash using DrawTarget in Cairo graphics library — Mozilla
Security researcher Atte Kettunen used the Address Sanitizer tool to discover a crash while drawing images through the Cairo graphics library while using the DrawTarget function. This can result in a segmentation fault due to zero-ing out of memory outside the bounds of the image...
JasPer 'jpc_dec_process_sot()' Remote Heap Buffer Overflow Vulnerability
JasPer is a graphics processing tool that includes a JPEG-2000 Part-1 code implementation. A remote heap buffer overflow vulnerability exists in JasPer 'jpc_dec_process_sot()' because it fails to perform sufficient bounds checking on user-supplied input. An attacker may be able to exploit this...
[SECURITY] Fedora 20 Update: gd-2.1.0-8.fc20
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the...
GD Graphics Library PNG Buffer Overflow (CVE-2004-0941)
There is a vulnerability in the way GD Graphics Library parses PNG image files. A malicious file with specially crafted fields can trigger a heap-based buffer overflow. An attacker can exploit this vulnerability to create a denial of service condition or execute arbitrary code...
php: gd extension NUL byte injection in file names
It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions...
UBUNTU-CVE-2014-3173
The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to...
[SECURITY] Fedora 20 Update: gd-2.1.0-6.fc20
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the...
GD Graphics Library 2.0.33 Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18294/info The GD Graphics Library is prone to a denial-of-service vulnerability. Attackers can trigger an infinite-loop condition when the library tries to handle malformed image files. This issue allows attackers to...
GD Graphics Library <= 2.0.34 (libgd) gdImageCreateXbm Function Unspecified DoS
No description provided by source. source: http://www.securityfocus.com/bid/24651/info The GD graphics library is prone to multiple vulnerabilities. An attacker can exploit this issue to cause denial-of-service conditions or execute arbitrary code in the context of applications implementing the...
SeaMonkey Denial of Service Vulnerability-01 (May 2014) - Windows
SeaMonkey is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:seamonkey";...
Mozilla Firefox Denial of Service Vulnerability-01 (May 2014) - Windows
Mozilla Firefox is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SeaMonkey < 2.26 Multiple Vulnerabilities
The installed version of SeaMonkey is a version prior to 2.26 and is, therefore, potentially affected by the following vulnerabilities : - An issue exists in the Network Security NSS library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue could allow man-in-...
Out-of-bounds write in Cairo — Mozilla
Security researcher Jukka Jylänki reported a crash in the Cairo graphics library. This happens when Cairo paints out-of-bounds to the destination buffer in the compositing function when working with canvas in certain circumstances. This issue allows malicious web content to cause a potentiall...
Ubuntu 12.04 LTS / 12.10 / 13.10 : thunderbird vulnerabilities (USN-2151-1)
Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause...