
2028 matches found

OSV
added 2014/05/12 2:55 p.m. | 0 views

UBUNTU-CVE-2013-6453

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML...

7.5 CVSS | 7.4 AI score | 0.00623 EPSS
Exploits: 0 | References: 3
Check Point Advisories
added 2014/04/16 12:0 a.m. | 3 views

Internet Explorer VML Buffer Overrun (MS07-004) - Ver2 (CVE-2007-0024)

Microsoft Internet Explorer (IE) contains a remote code execution vulnerability. The vulnerability exists in Microsoft Vector Markup Language (VML). VML is a set of XML tags used for exchange, editing, and delivery of vector graphics on the web. By convincing a user to visit a specially crafted Web...

9.3 CVSS | 7.6 AI score | 0.39923 EPSS
Exploits: 5
OSV
added 2014/04/05 9:55 p.m. | 1 views

DEBIAN-CVE-2012-6640

Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565...

4.3 CVSS | 6 AI score | 0.00296 EPSS
Exploits: 0 | References: 1
Check Point Advisories
added 2014/03/31 12:0 a.m. | 2 views

Microsoft Windows GDI+ VML Gradient Buffer Overflow (MS08-052) - Ver2 (CVE-2007-5348)

Vector Markup Language (VML) is a set of XML tags used for exchange, editing, and delivery of vector graphics on the web. A remote code execution vulnerability has been reported in the way that GDI+ handles VML files. The vulnerability is due to a heap-based buffer overrun when GDI+ fails to proper...

9.3 CVSS | 7.2 AI score | 0.78944 EPSS
Exploits: 1
OpenVAS
added 2013/08/20 12:0 a.m. | 17 views

Fedora Update for autotrace FEDORA-2013-11904

Check for the Version of autotrace OpenVAS Vulnerability Test Fedora Update for autotrace FEDORA-2013-11904 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

6.8 CVSS | 0.3 AI score | 0.00347 EPSS
Exploits: 0 | References: 2
ThreatPost
added 2013/08/01 6:22 p.m. | 16 views

JavaScript and Timing Attacks Used to Steal Browser Data

LAS VEGAS–Security researchers have been warning about the weaknesses and issues with JavaScript and iframes for years now, but the problem goes far deeper than even many of them thought. A researcher in the U.K. has developed a new technique that uses a combination of JavaScript-based timing...

6.9 AI score
Exploits: 0
Tenable Nessus
added 2013/07/12 12:0 a.m. | 46 views

Oracle Linux 5 / 6 : firefox (ELSA-2012-0515)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0515 advisory. firefox: 10.0.4-1.0.1.el62 - Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js 10.0.4-1 - Update to 10.0.4 ESR xulrunner...

10 CVSS | 8.5 AI score | 0.17081 EPSS
Exploits: 2 | References: 13
Tenable Nessus
added 2013/07/12 12:0 a.m. | 39 views

Oracle Linux 6 : thunderbird (ELSA-2012-0080)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2012-0080 advisory. 3.1.18-1.0.1.el62 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball 3.1.18-1 -...

9.3 CVSS | 8.5 AI score | 0.72536 EPSS
Exploits: 10 | References: 5
Fedora
added 2013/07/09 1:41 a.m. | 33 views

[SECURITY] Fedora 19 Update: autotrace-0.31.1-34.fc19

AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others...

6.8 CVSS | 1.5 AI score | 0.00347 EPSS
Exploits: 0
Fedora
added 2013/07/09 1:40 a.m. | 31 views

[SECURITY] Fedora 18 Update: autotrace-0.31.1-34.fc18

AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others...

6.8 CVSS | 1.5 AI score | 0.00347 EPSS
Exploits: 0
OpenVAS
added 2013/07/09 12:0 a.m. | 19 views

Fedora Update for autotrace FEDORA-2013-12032

Check for the Version of autotrace OpenVAS Vulnerability Test Fedora Update for autotrace FEDORA-2013-12032 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

6.8 CVSS | 0.4 AI score | 0.00347 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 2013/06/25 8:10 p.m. | 5 views

Mozilla: SVG filters can lead to information disclosure (MFSA 2013-55)

The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by...

4.3 CVSS | 7.4 AI score | 0.00616 EPSS
Exploits: 0 | References: 5
Saint
added 2013/06/03 12:0 a.m. | 39 views

Internet Explorer VML Dashstyle Attributes Integer Overflow

Added: 06/03/2013. CVE: CVE-2013-2551. BID: 58570. OSVDB: 91197. Background: Vector Markup Language (VML) is an XML-based format for vector graphics. Problem: An integer overflow vulnerability in vml.dll when processing dashstyle attributes of certain VML elements in a web page allows arbitrary command...

9.3 CVSS | 8.5 AI score | 0.92407 EPSS
Exploits: 9
Saint
added 2013/06/03 12:0 a.m. | 55 views

Internet Explorer VML Dashstyle Attributes Integer Overflow

Added: 06/03/2013. CVE: CVE-2013-2551. BID: 58570. OSVDB: 91197. Background: Vector Markup Language (VML) is an XML-based format for vector graphics. Problem: An integer overflow vulnerability in vml.dll when processing dashstyle attributes of certain VML elements in a web page allows arbitrary command...

9.3 CVSS | 8.5 AI score | 0.92407 EPSS
Exploits: 9
OpenVAS
added 2013/01/08 12:0 a.m. | 23 views

Fedora Update for inkscape FEDORA-2012-20620

Check for the Version of inkscape OpenVAS Vulnerability Test Fedora Update for inkscape FEDORA-2012-20620 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

2.1 CVSS | 0.00052 EPSS
Exploits: 1 | References: 2
Fedora
added 2013/01/05 6:54 a.m. | 28 views

[SECURITY] Fedora 16 Update: inkscape-0.48.4-1.fc16

Inkscape is a vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics (SVG) file format. It is therefore a very useful tool for web designers and as an interchange format for desktop publishing. Inkscape supports many...

5.5 CVSS | 0.8 AI score | 0.00052 EPSS
Exploits: 1
Fedora
added 2013/01/05 6:48 a.m. | 28 views

[SECURITY] Fedora 17 Update: inkscape-0.48.4-1.fc17

Inkscape is a vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics (SVG) file format. It is therefore a very useful tool for web designers and as an interchange format for desktop publishing. Inkscape supports many...

5.5 CVSS | 0.8 AI score | 0.00052 EPSS
Exploits: 1
Fedora
added 2012/12/23 4:37 a.m. | 35 views

[SECURITY] Fedora 18 Update: inkscape-0.48.4-1.fc18

Inkscape is a vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics (SVG) file format. It is therefore a very useful tool for web designers and as an interchange format for desktop publishing. Inkscape supports many...

5.5 CVSS | 0.8 AI score | 0.00052 EPSS
Exploits: 1
Opera Security Advisories
added 2012/11/02 12:0 a.m. | 7 views

Specially crafted SVG images can allow execution of arbitrary code – Opera Security Advisories

Opera can display images created using the Scalable Vector Graphics (SVG) format. Specially crafted and malformed SVG images may cause Opera to crash when their documents are unloaded, and the crash may allow execution of malicious arbitrary code. To inject code, additional techniques will have to ...

6 AI score
Exploits: 0 | References: 1
Opera Security Advisories
added 2012/11/02 12:0 a.m. | 5 views

Internet shortcuts used for phishing in elements – Opera Security Advisories

Websites may occasionally want to display image content from untrusted sources. A phishing attack may be carried out by the untrusted source, by displaying malicious instructions on the image, or by navigating the containing page to a similar looking document on another server. Since some image...

5.8 AI score
Exploits: 0 | References: 1