SUSE CVE-2006-4806

Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted 1 ARGB loaderargb.c, 2 PNG loaderpng.c, 3 LBM loaderlbm.c, 4 JPEG loaderjpeg.c, or 5 TIFF loadertiff.c images...

SUSE CVE-2006-4807

loadertga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service crash via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808...

SUSE CVE-2007-3922

Unspecified vulnerability in the Java Runtime Environment JRE Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.214 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to...

SUSE CVE-2007-6351

libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service infinite recursion via an image file with crafted EXIF tags, possibly involving the exifloaderwrite function in exifloader.c...

SUSE CVE-2008-0544

Heap-based buffer overflow in the IMGLoadLBMRW function in IMGlbm.c in SDLimage before 1.2.7 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information...

SUSE CVE-2008-1670

Heap-based buffer overflow in the progressive PNG Image loader decoders/pngloader.cpp in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted image...

SUSE CVE-2008-2426

Multiple stack-based buffer overflows in Imlib 2 aka imlib2 1.4.0 allow user-assisted remote attackers to cause a denial of service crash or possibly execute arbitrary code via 1 a PNM image with a crafted header, related to the load function in src/modules/loaders/loaderpnm.c; or 2 a crafted XPM...

SUSE CVE-2008-5187

The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability...

SUSE CVE-2009-5064

ldd in the GNU C Library aka glibc or libc6 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LDTRACELOADEDOBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion...

SUSE CVE-2010-0169

The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to...

SUSE CVE-2010-1760

loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150...

SUSE CVE-2010-1767

Cross-site request forgery CSRF vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest...

SUSE CVE-2010-4159

Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory...

SUSE CVE-2010-4351

The JNLP SecurityManager in IcedTea IcedTea.so 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security...

SUSE CVE-2011-0706

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."...

SUSE CVE-2011-2513

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader...

SUSE CVE-2011-2897

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw...

SUSE CVE-2011-2912

Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/loads3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset...

SUSE CVE-2012-2625

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service memory consumption via a large 1 bzip2 or 2 lzma compressed kernel image...

SUSE CVE-2012-5140

Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader...