1329 matches found
Sensitive Information Leak
ImageMagick is vulnerable to a sensitive information leak. The vulnerability exists because it fails to perform an initialization step in the ReadRLEImage function in coders/rle.c. Therefore, the uninitialized memory in the RLE decoder can be used to access sensitive information from process memo...
Design/Logic Flaw
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image da...
CVE-2017-9098
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image da...
[SECURITY] [DLA 942-1] jbig2dec security update
Package: jbig2dec Version: 0.13-4deb7u2 CVE ID: CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 CVE-2017-7885 Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer...
Information disclosure
The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site,...
[SECURITY] [DLA 912-1] tiff3 security update
Package : tiff3 Version : 3.9.6-11+deb7u5 CVE ID : CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 Debian Bug : 860000 860001 860003 Multiple security issues have been found in the tiff3 image library that may allow remote attackers ...
Gnome Keyring Daemon Credential Disclosure Vulnerability
The gnome-keyring-daemon is vulnerable to local credential disclosure as it leaves credentials accessible in memory. gnome-keyring-daemon is vulnerable to local credentials disclosure. Fortunately the attack can be spun on already compromised machines, but sadly, in those cases, an attacker can...
CVE-2017-7976
Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory...
CVE-2017-7885
Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a craft...
CVE-2017-0194
Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."...
Information disclosure
Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."...
CVE-2017-7593
tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image...
CVE-2017-7407
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a...
Code injection
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site...
CVE-2017-2424
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site...
CVE-2017-2424
CVE-2017-2424 affects WebKit (Apple iOS and Safari components) due to mishandling of OpenGL shaders, enabling remote attackers to read sensitive information from process memory via a crafted webpage. Public details in connected sources indicate the issue impacts iOS 10.3 and Safari 10.1 (and earl...