399 matches found
curl escape and unescape integer overflows
The four libcurl functions curl_escape, curl_easy_escape, curl_unescape and curl_easy_unescape perform string URL percent escaping and unescaping. They accept custom string length inputs in signed integer arguments. The functions having names without "easy" being the deprecated versions of the others...
libarchive: undefined behaviour (integer overflow) in iso parser
Undefined behavior (signed integer overflow) was discovered in libarchive, in the ISO parser. A crafted file could potentially cause denial of service...
openSUSE Security Update : libarchive (openSUSE-2016-969)
libarchive was updated to fix 20 security issues. These security issues were fixed: CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698); CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697); CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675); CVE-2015-8921...
libarchive -- multiple vulnerabilities
Hanno Böck and Cisco Talos report: Out of bounds heap read in RAR parser; Signed integer overflow in ISO parser; TALOS-2016-0152 CVE-2016-4300: 7-Zip read_SubStreamsInfo Integer Overflow; TALOS-2016-0153 CVE-2016-4301: mtree parse_device Stack Based Buffer Overflow; TALOS-2016-0154 CVE-2016-4302:...
CVE-2015-8931
Undefined behavior (signed integer overflow) was discovered in libarchive, in the MTREE parser's calculation of maximum and minimum dates. A crafted mtree file could potentially cause denial of service...
GNU gcc integer overflow vulnerability (CNVD-2016-03095)
GNU gcc (GNU Compiler Collection) is an open source compiler for programming languages developed by the GNU Project. An integer overflow vulnerability exists in GNU gcc, which arises from a program's failure to properly handle data of type signed int. An attacker could exploit this vulnerability to...
libgd 2.1.1 Signedness
Overview: libgd [1] is an open-source image library. It is perhaps primarily used by the PHP project. It has been bundled with the default installation of PHP since version 4.3 [2]. A signedness vulnerability (CVE-2016-3074) exists in libgd 2.1.1 which may result in a heap overflow when processi...
USN-2766-1 spice vulnerabilities
Frediano Ziglio discovered multiple buffer overflows, undefined behavior signed integer operations, race conditions, memory leaks, and denial of service issues in Spice. A malicious guest operating system could potentially exploit these issues to escape virtualization. CVE-2015-5260, CVE-2015-526...
Linux Kernel < 2.6.36-rc6 pktcdvd Kernel Memory Disclosure
No description provided by source. cve-2010-3437.c: Linux Kernel 2.6.36-rc6 pktcdvd Kernel Memory Disclosure. Jon Oberheide, http://jon.oberheide.org. Information: https://bugzilla.redhat.com/show_bug.cgi?id=638085 The PKT_CTRL_CMD_STATUS device ioctl retrieves a pointer to a...
Oracle Java BytePackedRaster.verify() Signed Integer Overflow
No description provided by source. Packet Storm Advisory 2013-0819-1 (http://packetstormsecurity.com/)...
Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow
No description provided by source. Packet Storm Advisory 2013-0813-1 (http://packetstormsecurity.com/)...
Sendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability (4)
No description provided by source. source: http://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for processing arguments...
[PSA-2013-0819-1] Oracle Java BytePackedRaster.verify() Signed Integer Overflow
Packet Storm Advisory 2013-0819-1 (http://packetstormsecurity.com/). Title: Oracle...
[PSA-2013-0813-1] Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow
Packet Storm Advisory 2013-0813-1 (http://packetstormsecurity.com/). Title: Oracle...
Oracle Java - 'BytePackedRaster.verify()' Signed Integer Overflow
Packet Storm Advisory 2013-0819-1 (http://packetstormsecurity.com/). Title: Oracle...
Oracle Java - IntegerInterleavedRaster.verify() Signed Integer Overflow
Oracle Java - IntegerInterleavedRaster.verify Signed Integer Overflow. Packet Storm Advisory 2013-0813-1 (http://packetstormsecurity.com/)...
Oracle Java - 'IntegerInterleavedRaster.verify()' Signed Integer Overflow
Packet Storm Advisory 2013-0813-1 (http://packetstormsecurity.com/). Title: Oracle...
CVE-2013-1327
Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."...
Oracle Outside In CorelDRAW File Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Outside In. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
kernel: possible kernel oops from user MSS
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect u...