
1139 matches found

Talos
added 2016/06/14 12:0 a.m., 38 views

Adobe Flash Player Infinite Recursion Arbitrary Read Access Violation

SUMMARY: A potentially exploitable read access violation vulnerability exists in the way Adobe Flash Player handles infinitely recursive calls. Specially crafted ActionScript code can cause a read access violation which can potentially be further abused. To trigger this vulnerability user...

CVSS 9.3, AI score 8.9, EPSS 0.02922
Exploits: 1

OSV
added 2016/05/20 11:38 a.m., 7 views

MGASA-2016-0187 Updated libxml2 packages fix security vulnerability

When running in recovery mode, certain invalid XML documents would trigger an infinite recursion in libxml2 that ran until all stack space was exhausted. This vulnerability could have been used to facilitate a denial-of-service attack (CVE-2016-3627). libxml2 limits the number of recursions an XML...

CVSS 7.5, AI score 6.4, EPSS 0.00881
Exploits: 1, References: 4

OSV
added 2016/05/17 2:8 p.m., 1 views

DEBIAN-CVE-2016-3627

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document...

CVSS 7.5, AI score 6.3, EPSS 0.00086
Exploits: 1, References: 1

Debian CVE
added 2016/05/17 2:0 p.m., 39 views

CVE-2016-3627

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document...

CVSS 7.5, AI score 6.9, EPSS 0.00086
Exploits: 1

OSV
added 2016/05/05 6:59 p.m., 1 views

DEBIAN-CVE-2016-4008

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate...

CVSS 5.9, AI score 6.4, EPSS 0.0429
Exploits: 0, References: 1

NVD
added 2016/05/05 6:59 p.m., 18 views

CVE-2016-4008

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate...

CVSS 5.9, AI score 5.5, EPSS 0.0429
Exploits: 0, References: 13

OSV
added 2016/05/05 6:59 p.m., 6 views

CVE-2016-4008

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate...

CVSS 5.9, AI score 5.5
Exploits: 0, References: 13

Debian CVE
added 2016/05/05 6:0 p.m., 23 views

CVE-2016-4008

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate...

CVSS 5.9, AI score 5.8, EPSS 0.0429
Exploits: 0

Tenable Nessus
added 2016/05/04 12:0 a.m., 42 views

SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2016:1204-1)

This update for libxml2 fixes two security issues: - libxml2 limits the number of recursions an XML document can contain so as to protect against the 'Billion Laughs' denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore,...

CVSS 7.5, AI score 6.5, EPSS 0.00086
Exploits: 1, References: 5

OSV
added 2016/05/03 2:22 p.m., 6 views

SUSE-SU-2016:1205-1 Security update for libxml2

This update for libxml2 fixes two security issues: - libxml2 limits the number of recursions an XML document can contain so as to protect against the 'Billion Laughs' denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore,...

CVSS 7.5, AI score 6.5, EPSS 0.00086
Exploits: 1, References: 4

OSV
added 2016/05/03 2:20 p.m., 9 views

SUSE-SU-2016:1204-1 Security update for libxml2

This update for libxml2 fixes two security issues: - libxml2 limits the number of recursions an XML document can contain so as to protect against the 'Billion Laughs' denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore,...

CVSS 7.5, AI score 6.5, EPSS 0.00086
Exploits: 1, References: 4

FreeBSD
added 2016/04/11 12:0 a.m., 24 views

libtasn1 -- denial of service parsing malicious DER certificates

GNU Libtasn1 NEWS reports: Fixes to avoid an infinite recursion when decoding without the ASN1_DECODE_FLAG_STRICT_DER flag. Reported by Pascal Cuoq...

CVSS 5.9, AI score 3.7, EPSS 0.0429
Exploits: 0, References: 2

OSV
added 2015/12/02 1:59 a.m., 0 views

DEBIAN-CVE-2015-8389

PCRE before 8.38 mishandles the /?:|a|100x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konquero...

CVSS 9.8, AI score 9.3, EPSS 0.02653
Exploits: 0, References: 1

OSV
added 2015/12/02 1:59 a.m., 7 views

CVE-2015-8389

PCRE before 8.38 mishandles the /?:|a|100x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konquero...

CVSS 9.8, AI score 9.7
Exploits: 0, References: 10

CNVD
added 2015/12/02 12:0 a.m., 1 views

PCRE Denial of Service Vulnerability (CNVD-2015-07884)

PCRE (Perl Compatible Regular Expressions) is an open-source regular expression library written in C, developed by software developer Philip Hazel. A security vulnerability exists in PCRE versions prior to 8.38, which stems from the program's failure to properly handle the '/? :|a|100x...

CVSS 9.8, AI score 9.3, EPSS 0.02653
Exploits: 0, References: 1

RedHat Linux
added 2015/11/19 12:0 a.m., 1 views

pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)

PCRE before 8.36 mishandles the /a\2|a\g/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a...

CVSS 7.5, AI score 7.4, EPSS 0.02821
Exploits: 1, References: 4

RedhatCVE
added 2015/10/30 9:41 a.m., 20 views

CVE-2006-6297

Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursio...

CVSS 5, AI score 7.2, EPSS 0.0261
Exploits: 0, References: 2

BDU FSTEC
added 2015/10/21 12:0 a.m., 1 views

The vulnerability of the Internet Information Services software allows a perpetrator to cause service failures.

The Internet Information Services software package contains a vulnerability in the ftpsvc2.dll module, located in the C:\Windows\system32\inetsrv directory. Using this module causes exhaustion of the stack when processing a special command argument “LIST”. This occurs due to a recursive function...

CVSS 2.6, EPSS 0.60775
Exploits: 9, References: 3, Affected Software: 1

RedHat Linux
added 2014/12/09 8:33 p.m., 2 views

kernel: udf: Avoid infinite loop when processing indirect ICBs

A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the...

CVSS 4.7, AI score 6.7, EPSS 0.00068
Exploits: 1, References: 4

Tenable Nessus
added 2014/10/24 12:0 a.m., 35 views

SuSE 11.3 Security Update : perl (SAT Patch Number 9858)

This update fixes a memory leak and an infinite recursion in Data::Dumper (CVE-2014-4330). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright (C) Novell, Inc. if...

CVSS 2.1, AI score 7.4, EPSS 0.00117
Exploits: 3, References: 4