CVE-2019-5076

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victio...

envoy/header_parser_fuzz_test: Crash in Envoy::Router::StreamInfoHeaderFormatter::StreamInfoHeaderFormatter

Project: https://github.com/envoyproxy/envoy.git Detailed report: https://oss-fuzz.com/testcase?key=5702537941876736 Project: envoy Fuzzer: libFuzzerenvoyheaderparserfuzztest Fuzz target binary: headerparserfuzztest Job Type: libfuzzerubsanenvoy Platform Id: linux Crash Type: UNKNOWN READ Crash...

CVE-2018-6924

In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory...

tcpdump: Buffer over-read in print-frag6.c:frag6_print() in IPv6 fragmentation header parser

The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6print...

EulerOS 2.0 SP1 : tcpdump (EulerOS-SA-2017-1280)

According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvpobjprint.CVE-2017-13048 - The ARP parser in tcpdump before...

CVE-2017-12986

CVE-2017-12986 affects tcpdump prior to 4.9.2, caused by a buffer over-read in the IPv6 routing header parser (print-rt6.c: rt6_print). This could allow a remote attacker to obtain sensitive information from crafted packets. The Debian/IBM advisories confirm the issue and list tcpdump 4.9.2 as th...

Apache Tomcat Denial of Service Vulnerability (CNVD-2016-11592)

Apache Tomcat is a popular open source JSP application server program. A denial of service vulnerability exists in Apache Tomcat, which can be exploited by an attacker to cause the HTTP/2 header parser to enter an infinite loop, resulting in a denial of service...

PT-2016-7120 · Apache · Apache Tomcat

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 8.5.0 through 8.5.6 Apache Tomcat versions 9.0.0.M1 through 9.0.0.M11 Description: The HTTP/2 header parser in Apache Tomcat entered an infinite loop if a header was received that was larger than the available buffer...

CVE-2013-7299

framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator from being added and causes Tntnet to include headers from other requests...

Debian: Security Advisory (DSA-2252-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 10.04 LTS / 10.10 / 11.04 : dovecot vulnerability (USN-1143-1)

It was discovered that the message header parser in Dovecot did not properly handle '\0' characters in header names. This could allow a remote attacker to cause a denial of service through a crafted email message by crashing the Dovecot daemon or corrupting mailboxes. Note that Tenable Network...

Ubuntu Update for dovecot USN-1143-1

Ubuntu Update for Linux kernel vulnerabilities USN-1143-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11431.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for dovecot USN-1143-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...

USN-1143-1: Dovecot vulnerability

It was discovered that the message header parser in Dovecot did not properly handle '\0' characters in header names. This could allow a remote attacker to cause a denial of service through a crafted email message by crashing the Dovecot daemon or corrupting mailboxes...

CVE-2011-1929

lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service daemon crash or mailbox corruption via a crafted e-mail message...

Debian Security Advisory DSA 060-1 (fetchmail)

The remote host is missing an update to fetchmail announced via advisory DSA 060-1. OpenVAS Vulnerability Test $Id: deb0601.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 060-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 1263-1 (clamav)

The remote host is missing an update to clamav announced via advisory DSA 1263-1. Several remote vulnerabilities have been discovered in in the Clam anti-virus toolkit, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:...

Ubuntu 5.04 / 5.10 / 6.06 LTS : libwmf vulnerability (USN-333-1)

An integer overflow was found in the handling of the MaxRecordSize field in the WMF header parser. By tricking a user into opening a specially crafted WMF image file with an application that uses this library, an attacker could exploit this to execute arbitrary code with the user's privileges. No...

DSA-1263-1 clamav

Bulletin has no description...

Mandrake Linux Security Advisory : clamav (MDKSA-2006:067)

Damian Put discovered an integer overflow in the PE header parser in ClamAV that could be exploited if the ArchiveMaxFileSize option was disabled CVE-2006-1614. Format strings in the logging code could possibly lead to the execution of arbitrary code CVE-2006-1615. David Luyer found that ClamAV...

GLSA-200604-06 : ClamAV: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200604-06 ClamAV: Multiple vulnerabilities ClamAV contains format string vulnerabilities in the logging code CVE-2006-1615. Furthermore Damian Put discovered an integer overflow in ClamAV's PE header parser CVE-2006-1614 and David...