CVE-2015-0806

The Off Main Thread Compositing OMTC implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code o...

Memory corruption crashes in Off Main Thread Compositing — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover two memory corruption crashes during 2D graphics rendering due to problems in Off Main Thread Compositing. These crashes are potentially exploitable...

Microsoft Windows Graphics Rendering Engine Buffer Overflow (MS04-032) - Ver2 (CVE-2004-0209)

The Microsoft Windows Metafile Format WMF is used to store pictures and other graphical renderings as either vector or bitmap-format graphical data. The vector data stored in WMF files is described as Microsoft Windows Graphics Device Interface GDI commands. The WMF format is the original 16-bit...

Microsoft Graphics Rendering Engine Thumbnail Image Stack Buffer Overflow - Ver2 (CVE-2010-3970)

Thumbnails are reduced-size versions of pictures, used to help in recognizing and organizing them, serving the same role for images as a normal text index does for words. A stack buffer overflow vulnerability has been discovered in Microsoft's Graphics Rendering Engine. The vulnerability is due t...

Microsoft Windows Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/16167/info Microsoft Windows WMF graphics-rendering engine is affected by multiple memory-corruption vulnerabilities. These issues affect the 'ExtCreateRegion' and 'ExtEscape' functions. These problems present themselves...

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-2012-136)

update to version 1.11.1 to fix several security issues : - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class -...

Two New Vulnerabilities Linked to Latest IE Zero Day

UPDATE – Researchers at Websense said today they may have isolated two components within the VGX library that are being exploited by attackers targeting the latest Internet Explorer zero-day vulnerability. By combing through millions of Windows crash reports sent via the Windows Error Reporting...

Microsoft Windows Graphics Rendering Engine Code Execution (MS07-046) - Ver2 (CVE-2007-3034)

The Windows Metafile WMF is a standard Windows image file format. It consists of a set of graphics functions and parameters that describe the steps required to render an image. WMF is a 16-bit format that can contain both vector and bitmap information. A WMF file contains a main header, followed ...

OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64 (20120221)

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could u...

RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:0514)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0514 advisory. - OpenJDK: JavaSound incorrect bounds check Sound, 7088367 CVE-2011-3563 - GlassFish: hash table collisions CPU usage DoS oCERT-2011-003...

OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

Ubuntu: Security Advisory (USN-1373-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-2420-1 : openjdk-6 - several vulnerabilities

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform. - CVE-2011-3377 The IcedTea browser plugin included in the openjdk-6 package does not properly enforce the Same Origin Policy on web content served under a domain name which has a common suffix...

java-1.6.0-openjdk security update

1.6.0.0-1.25.1.10.6.0.1.el58 - Add oracle-enterprise.patch 1:1.6.0.0-1.25.1.10.6 - Updated to IcedTea6 1.10.6 - Resolves: rhbz787142 - Security fixes - S7082299: Fix in AtomicReferenceArray - S7088367: Fix issues in java sound - S7110683: Issues with some KeyboardFocusManager method - S7110687:...

java-1_6_0-openjdk: Update to iced tea 1.11.1 b24 security release (important)

java-160-openjdk was updated to the b24 release, fixing multiple security issues: Security fixes - S7082299, CVE-2011-3571: Fix inAtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687,...

Fedora 15 : java-1.6.0-openjdk-1.6.0.0-63.1.10.6.fc15 (2012-1721)

The update contains the following security fixes : - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700,...

Important: Red Hat Security Advisory: java-1.6.0-openjdk security update

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:021)

Multiple security issues were identified and fixed in OpenJDK icedtea6 : Fix issues in java sound CVE-2011-3563. Fix in AtomicReferenceArray CVE-2011-3571. Add property to limit number of request headers to the HTTP Server CVE-2011-5035. Incorect checking for graphics rendering object...

Fedora 16 : java-1.7.0-openjdk-1.7.0.3-2.1.fc16 (2012-1690)

Updated to OpenJDK7u3/IcedTea7 2.1 - Security fixes : - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7082299, CVE-2011-3571: AtomicReferenceArray insufficient array type check - S7110687, CVE-2012-0503: Unrestricted use of TimeZone.setDefault - S7110700,...