
2036 matches found

Tenable Nessus
added 2017/04/10 12:0 a.m., 30 views

Debian DLA-889-1 : potrace security update

It was discovered that potrace, a utility to transform bitmaps into vector graphics, was affected by an integer overflow in the findnext function, allowing remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image. For Debian 7 'Wheezy', these problems...

CVSS 5.5, AI score 6.2, EPSS 0.00081
Exploits: 0, References: 3
CNVD
added 2017/03/30 12:0 a.m., 2 views

Moodle cross-site scripting vulnerability (CNVD-2017-04602)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A cross-site scripting vulnerability exists in the Course summary filter on the 'Add a...

CVSS 5.4, AI score 5.3, EPSS 0.00243
Exploits: 1, References: 1
OSV
added 2017/03/16 3:59 p.m., 1 views

UBUNTU-CVE-2017-5617

The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file...

CVSS 7.4, AI score 7.1, EPSS 0.01078
Exploits: 0, References: 4
CNVD
added 2017/03/16 12:0 a.m., 1 views

Mozilla Firefox Buffer Overflow Read Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Thunderbird is a mail tool adapted from the mail widget of the Mozilla browser. Mozilla Firefox suffers from a buffer overflow read vulnerability that could allow an attacker to read a buffer overflow...

CVSS 7.5, AI score 8.9, EPSS 0.00361
Exploits: 0, References: 1
Fedora
added 2017/03/13 11:52 p.m., 21 views

[SECURITY] Fedora 24 Update: libwmf-0.2.8.4-50.fc24

A library for reading and converting Windows MetaFile vector graphics (WMF)...

CVSS 9.8, AI score 2.6, EPSS 0.06873
Exploits: 0
OSV
added 2017/02/27 10:59 p.m., 1 views

DEBIAN-CVE-2016-5240

The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file...

CVSS 5.5, AI score 6.7, EPSS 0.01408
Exploits: 0, References: 1
Fedora
added 2017/02/10 2:25 p.m., 26 views

[SECURITY] Fedora 25 Update: libwmf-0.2.8.4-50.fc25

A library for reading and converting Windows MetaFile vector graphics (WMF)...

CVSS 9.8, AI score 2.6, EPSS 0.06873
Exploits: 0
OSV
added 2017/02/06 5:59 p.m., 0 views

UBUNTU-CVE-2016-7446

Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317...

CVSS 9.8, AI score 7.4, EPSS 0.03159
Exploits: 0, References: 3
OSV
added 2017/02/03 3:59 p.m., 1 views

UBUNTU-CVE-2016-5241

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file...

CVSS 5.5, AI score 6.8, EPSS 0.00354
Exploits: 0, References: 2
OSV
added 2017/02/03 3:59 p.m., 0 views

UBUNTU-CVE-2016-2318

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c...

CVSS 5.5, AI score 6.8, EPSS 0.00236
Exploits: 0, References: 3
OSV
added 2017/02/03 3:59 p.m., 1 views

DEBIAN-CVE-2016-9082

Integer overflow in the writepng function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file...

CVSS 5.5, AI score 5.6, EPSS 0.00235
Exploits: 0, References: 1
OSV
added 2017/02/03 3:59 p.m., 1 views

DEBIAN-CVE-2016-2318

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c...

CVSS 5.5, AI score 6.6, EPSS 0.00236
Exploits: 0, References: 1
OSV
added 2017/02/03 3:59 p.m., 1 views

DEBIAN-CVE-2016-5241

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file...

CVSS 5.5, AI score 6.7, EPSS 0.00354
Exploits: 0, References: 1
OSV
added 2017/01/19 5:59 a.m., 2 views

CVE-2016-5224

A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page...

CVSS 4.3, AI score 6.7, EPSS 0.00231
Exploits: 0, References: 5
OSV
added 2017/01/19 5:59 a.m., 1 views

CVE-2016-5204

Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...

CVSS 6.1, AI score 7.4
Exploits: 0, References: 5
RedHat Linux
added 2016/12/21 10:0 a.m., 3 views

Mozilla: Restricted external resources can be loaded by SVG images through data URLs (MFSA 2016-94, MFSA 2016-95)

External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

CVSS 7.5, AI score 7.3, EPSS 0.01417
Exploits: 1, References: 5
OSV
added 2016/12/15 6:59 a.m., 2 views

CVE-2016-6850

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser...

CVSS 6.1, AI score 5.8, EPSS 0.00265
Exploits: 0, References: 2
OSV
added 2016/12/15 6:59 a.m., 0 views

CVE-2016-6847

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This c...

CVSS 6.1, AI score 5.8, EPSS 0.00265
Exploits: 0, References: 2
OSV
added 2016/12/11 2:59 a.m., 0 views

DEBIAN-CVE-2016-6628

An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

CVSS 6.3, AI score 9.1, EPSS 0.00258
Exploits: 0, References: 1
OSV
added 2016/12/11 2:59 a.m., 0 views

UBUNTU-CVE-2016-6628

An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

CVSS 6.3, AI score 6.9, EPSS 0.00258
Exploits: 0, References: 3