Android软件开发工具包BMP文件处理整数溢出漏洞

BUGTRAQ ID: 28006 CVECAN ID: CVE-2008-0986 Android是Google通过Open Handset Alliance发起的项目，用于为移动设备提供完整的软件集，包括操作系统、中间件等。 Android SDK的libsgl.so库中的BMP::readFromStreamStream , ImageDecoder::Mode方式在解析BMP图形文件头时存在整数溢出漏洞，远程攻击者可能利用此漏洞控制用户设备。 如果BMP文件头的offset字段值为负数且Bitmap Information部分（DIB头）指定了8...

Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)

Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.216 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue...

CVE-2007-2466

CVE-2007-2466 affects the LDAP Software Development Kit (SDK) for C used in Sun Java System Directory Server 5.2 (up to Patch 4) and Sun ONE Directory Server 5.1. The vulnerability is described as unspecified but enables remote attackers to cause a denial of service (crash) via certain BER encodi...

CVE-2005-3583

1 Java Runtime Environment JRE and 2 Software Development Kit SDK 1.4.208, 1.4.209, and 1.5.005 and possibly other versions allow remote attackers to cause a denial of service JVM unresponsive via a crafted serialized object, such as a font object as demonstrated on JBoss...

CVE-2004-2540

readObject in 1 Java Runtime Environment JRE and 2 Software Development Kit SDK 1.4.0 through 1.4.205 allows remote attackers to cause a denial of service JVM unresponsive via crafted serialized data...

CVE-2005-3583

1 Java Runtime Environment JRE and 2 Software Development Kit SDK 1.4.208, 1.4.209, and 1.5.005 and possibly other versions allow remote attackers to cause a denial of service JVM unresponsive via a crafted serialized object, such as a font object as demonstrated on JBoss...

CVE-2003-1156

Java Runtime Environment JRE and Software Development Kit SDK 1.4.2 through 1.4.202 allows local users to overwrite arbitrary files via a symlink attack on 1 unpack.log, as created by the unpack program, or 2 .mailcap1 and .mime.types1, as created by the RPM program...

CVE-2005-0223

The Software Development Kit SDK and Run Time Environment RTE 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service Java Virtual Machine hang via object deserialization...

CVE-2004-2540

readObject in 1 Java Runtime Environment JRE and 2 Software Development Kit SDK 1.4.0 through 1.4.205 allows remote attackers to cause a denial of service JVM unresponsive via crafted serialized data...

CVE-2003-1156

Java Runtime Environment JRE and Software Development Kit SDK 1.4.2 through 1.4.202 allows local users to overwrite arbitrary files via a symlink attack on 1 unpack.log, as created by the unpack program, or 2 .mailcap1 and .mime.types1, as created by the RPM program...

Microsoft StreamInsight 1.2 (KB2587551)

This update is the Microsoft StreamInsight 1.2 release. It is installed side by side with your existing StreamInsight installation. It contains the SDK to develop applications and adapters, runtime libraries, and the event flow debugger. Read the Installation and Programming Considerations sectio...