
446 matches found

securityvulns
added 2013/12/09 12:0 a.m. | 60 views

bugs in IJG jpeg6b & libjpeg-turbo

Dearly beloved, So, for one reason or another, the IJG jpeg library has gained some notoriety as one of the most robust pieces of complex, security-critical C code. Despite countless fuzzing efforts, I don't recall any reports of serious vulnerabilities at least since the release of jpeg6b in 199...

5 CVSS | 0.1 AI score | 0.01521 EPSS
Exploits 0
OSV
added 2013/11/20 8:31 p.m. | 7 views

MGASA-2013-0333 Updated libjpeg packages fix vulnerabilities in libjpeg-turbo

Updated libjpeg packages fix security vulnerabilities: libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component Y in presence of valid chroma data Cr, Cb (CVE-2013-6629). libjpeg-turbo will use uninitialized memory when handli...

5 CVSS | 7 AI score | 0.01521 EPSS
Exploits 0 | References 4
OpenVAS
added 2013/11/19 12:0 a.m. | 45 views

SuSE Update for Mozilla Suite openSUSE-SU-2013:1633-1 (Mozilla Suite)

Check for the Version of Mozilla Suite OpenVAS Vulnerability Test $Id: gbsuse201316331.nasl 8045 2017-12-08 08:39:37Z santu $ SuSE Update for Mozilla Suite openSUSE-SU-2013:1633-1 Mozilla Suite Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH,...

10 CVSS | 0.6 AI score | 0.33161 EPSS
Exploits 1 | References 1
Tenable Nessus
added 2013/10/31 12:0 a.m. | 26 views

FreeBSD : mozilla -- multiple vulnerabilities (81f866ad-41a4-11e3-a4af-0025905a4771)

The Mozilla Project reports : MFSA 2013-93 Miscellaneous memory safety hazards rv:25.0 / rv:24.1 / rv:17.0.10 MFSA 2013-94 Spoofing addressbar though SELECT element MFSA 2013-95 Access violation with XSLT and uninitialized data MFSA 2013-96 Improperly initialized memory and overflows in some...

10 CVSS | 7.6 AI score | 0.06864 EPSS
Exploits 0 | References 27
Mozilla
added 2013/10/29 12:0 a.m. | 46 views

Writing to cycle collected object during image decoding — Mozilla

Mozilla community member Ezra Pool reported a potentially exploitable crash on extremely large pages. This was caused when a cycle collected image object was released on the wrong thread during decoding, creating a race condition...

6.8 CVSS | 2.4 AI score | 0.01775 EPSS
Exploits 0 | References 2 | Affected Software 4
Tenable Nessus
added 2012/09/06 12:0 a.m. | 47 views

Mandriva Linux Security Advisory : firefox (MDVSA-2012:145)

Security issues were identified and fixed in mozilla firefox : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we...

10 CVSS | 9.3 AI score | 0.05074 EPSS
Exploits 4 | References 45
OpenVAS
added 2012/08/30 12:0 a.m. | 36 views

Mandriva Update for firefox MDVSA-2012:145 (firefox)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

8.4 AI score
Exploits 0 | References 2
Oracle linux
added 2012/03/01 12:0 a.m. | 78 views

ImageMagick security and bug fix update

6.2.8.0-12.el5 - Add fix for CVE-2010-4167 767142 6.2.8.0-11.el5 Fix assertion failed when using 'identify -verbose' when theres no image information available 502626 6.2.8.0-10.el5 Fix memory allocation failure when using color option 616538 Fix hang when converting broken GIF 693989 Fix...

9.3 CVSS | 2.8 AI score | 0.10772 EPSS
Exploits 3
Oracle linux
added 2010/08/25 12:0 a.m. | 45 views

ImageMagick security and bug fix update

6.2.8.0-4.el55.2 - Fix SGI image decoding 625058 6.2.8.0-4.el55.1 - Add fix for CVE-2009-1882 504304...

9.3 CVSS | 1.7 AI score | 0.03413 EPSS
Exploits 0
RedHat Linux
added 2010/04/01 2:56 a.m. | 3 views

JDK unspecified vulnerability in Java2D component

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...

7.5 CVSS | 6.4 AI score | 0.0567 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2010/01/26 12:0 a.m. | 19 views

Google Chrome < 4.0.249.78 Multiple Vulnerabilities

Binary data 5328.pasl...

2.6 CVSS | 7.3 AI score | 0.01571 EPSS
Exploits 1 | References 2
RedHat Linux
added 2009/05/13 2:32 p.m. | 2 views

PDF JBIG2 invalid free()

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data...

6.8 CVSS | 6.2 AI score | 0.08831 EPSS
Exploits 1 | References 4
Cent OS
added 2009/04/23 8:53 p.m. | 58 views

giflib security update

CentOS Errata and Security Advisory CESA-2009:0444 Updated giflib packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The giflib packages contain a shared...

7.5 CVSS | 6.1 AI score | 0.05032 EPSS
Exploits 0 | References 7
OSV
added 2009/04/23 5:30 p.m. | 4 views

CVE-2009-0163

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) cupsImageReadTIFF function in the imagetops filter...

7.9 AI score
Exploits 0 | References 19
Cvelist
added 2009/04/23 5:0 p.m. | 15 views

CVE-2009-0163

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) cupsImageReadTIFF function in the imagetops filter...

7.9 AI score | 0.0495 EPSS
Exploits 2 | References 19
RedHat Linux
added 2009/04/16 10:33 p.m. | 0 views

PDF JBIG2 integer overflow

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file...

6.8 CVSS | 6.3 AI score | 0.27841 EPSS
Exploits 1 | References 4
RedHat Linux
added 2009/04/16 10:11 p.m. | 1 views

cups: Integer overflow in the TIFF image filter

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) cupsImageReadTIFF function in the imagetops filter...

6.8 CVSS | 8.1 AI score | 0.0495 EPSS
Exploits 2 | References 4
OpenVAS
added 2008/09/24 12:0 a.m. | 31 views

Gentoo Security Advisory GLSA 200411-08 (GD)

The remote host is missing updates announced in advisory GLSA 200411-08. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

10 CVSS | 0.9 AI score | 0.21209 EPSS
Exploits 0
OpenVAS
added 2008/09/04 12:0 a.m. | 28 views

xpm -- image decoding vulnerabilities

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.5 CVSS | 6.4 AI score | 0.2298 EPSS
Exploits 2 | References 3
NVD
added 2008/06/02 9:30 p.m. | 16 views

CVE-2008-1573

The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read...

7.1 CVSS | 5.5 AI score | 0.00784 EPSS
Exploits 1 | References 11