chromium-browser: Container-overflow in SVG.

platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service container overflow or...

Google Chrome Blink Buffer Overflow Vulnerability

Blink is a browser typography engine developed by Google and Opera Software. A security vulnerability exists in the platform/graphics/filters/FEColorMatrix.cpp file in the SVG implementation of Blink used in Google Chrome. The program fails to properly handle feColorMatrix filters containing too...

Google Chrome Blink SVG Memory Misreference Vulnerability

Blink is a browser typography engine developed by Google and Opera Software. A memory misreference vulnerability exists in the SVG implementation of Blink used by Google Chrome. As the program fails to properly handle the shadow tree of use elements. A remote attacker could exploit this...

UBUNTU-CVE-2015-1257

platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service container overflow or...

USN-2603-1 thunderbird vulnerabilities

Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application...

Microsoft Internet Explorer SVG Marker Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

MediaWiki Incomplete Blacklist Vulnerability (CNVD-2015-02418)

MediaWiki is a Wiki program. An incomplete blacklist vulnerability exists in the includes/upload/UploadBase.php script of MediaWiki. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of nested SVG files with data: URI of type pplication/xml MIME...

MediaWiki Denial of Service Vulnerability (CNVD-2015-02421)

MediaWiki is a Wiki program. A security vulnerability exists in MediaWiki. When the program uses HHVM, a remote attacker can exploit the vulnerability to cause a denial of service CPU and memory consumption with the help of a large number of nested entity references in the SVG file of a PDF folde...

MediaWiki Information Disclosure Vulnerability (CNVD-2015-02411)

MediaWiki is a Wiki program. A security vulnerability exists in MediaWiki. A remote attacker can exploit this vulnerability to bypass SVG filtering and obtain sensitive user information via a mixed-case '@import' string in the style element of an SVG file...

MediaWiki HTML Injection Vulnerability

MediaWiki is a Wiki program. A security vulnerability exists in MediaWiki, which stems from the failure of the 'xmlparse' function in the Zend interpreter to properly expand entities. The vulnerability can be exploited by a remote attacker to inject arbitrary web script or HTML with the help of a...

DEBIAN-CVE-2015-2935

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."...

DEBIAN-CVE-2015-2931

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI...

UBUNTU-CVE-2015-2942

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service CPU and memory consumption via a large number of nested entity references in an 1 SVG file or 2 XMP metadata in a PDF file, aka a "billion laughs attack," ...

UBUNTU-CVE-2015-2934

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xmlparse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...

USN-2548-1 batik vulnerability

Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption...

Apache Batik Information Disclosure Vulnerability

Apache Batik is a Java-based technology SVG Scalable Vector Graphics toolkit , you can view , generate and process SVG format images . Apache Batik has a security vulnerability that can be exploited by attackers to send malicious SVG files and obtain sensitive information...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution via unsafe svg animation tags. Details Exploit Example: html Here the anchor's href is animated, starting from a value that's a javascript URI. This allows execution of arbitrary javascript in the process...

Mozilla: Out-of-bounds read and write while rendering SVG content (MFSA 2015-19)

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic...

Mozilla: Out-of-bounds read and write while rendering SVG content (MFSA 2015-19)

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic...

Google Chrome Denial of Service Vulnerability (CNVD-2015-00023)

Google Chrome is a simple and efficiently designed web browsing tool developed by Google. A denial of service vulnerability exists in versions of Google Chrome prior to 11.0.696.65, which allows remote attackers to launch denial of service attacks via a crafted SVG document...