8202 matches found

Fedora
added 2017/09/19 3:25 p.m., 32 views

[SECURITY] Fedora 25 Update: inkscape-0.92.1-4.20170510bzr15686.fc25.1

Inkscape is a vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics (SVG) file format. It is therefore a very useful tool for web designers and as an interchange format for desktop publishing. Inkscape supports many...

CVSS: 8.8, AI score: 0.8, EPSS: 0.04042
Exploits: 1

Fedora
added 2017/09/19 3:25 p.m., 33 views

[SECURITY] Fedora 25 Update: autotrace-0.31.1-49.fc25

AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others...

CVSS: 8.8, AI score: 1.5, EPSS: 0.04042
Exploits: 1

Fedora
added 2017/09/19 3:27 a.m., 28 views

[SECURITY] Fedora 26 Update: synfigstudio-1.2.0-5.fc26

Synfig Animation Studio is a powerful, industrial-strength vector-based 2D animation software, designed from the ground-up for producing feature-film quality animation with fewer people and resources. It is designed to be capable of producing feature-film quality animation. It eliminates the need...

CVSS: 9.8, AI score: 1, EPSS: 0.13043
Exploits: 14

Fedora
added 2017/09/19 3:27 a.m., 37 views

[SECURITY] Fedora 26 Update: synfig-1.2.0-9.fc26.1

Synfig is a powerful, industrial-strength vector-based 2D animation software, designed from the ground-up for producing feature-film quality animation with fewer people and resources. It is designed to be capable of producing feature-film quality animation. It eliminates the need for tweening,...

CVSS: 9.8, AI score: 1.3, EPSS: 0.13043
Exploits: 14

Fedora
added 2017/09/19 3:27 a.m., 41 views

[SECURITY] Fedora 26 Update: inkscape-0.92.1-4.20170510bzr15686.fc26.1

Inkscape is a vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics (SVG) file format. It is therefore a very useful tool for web designers and as an interchange format for desktop publishing. Inkscape supports many...

CVSS: 9.8, AI score: 0.8, EPSS: 0.13043
Exploits: 14

CNVD
added 2017/09/19 12:0 a.m., 2 views

XnView Classic for Windows Buffer Overflow Vulnerability (CNVD-2017-34093)

XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A buffer overflow vulnerability exists in version 2.40 of XnView Classic for...

CVSS: 7.8, AI score: 6.8, EPSS: 0.0031
Exploits: 0, References: 1

CNVD
added 2017/09/19 12:0 a.m., 2 views

IrfanView Buffer Overflow Vulnerability (CNVD-2017-34094)

IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion and more. A buffer overflow vulnerability exists in IrfanView version 4.44 32-bit. This vulnerability can be exploited b...

CVSS: 7.8, AI score: 6.9, EPSS: 0.00502
Exploits: 0, References: 1

CNVD
added 2017/09/19 12:0 a.m., 3 views

IrfanView buffer overflow vulnerability (CNVD-2017-30395)

IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion and more. A buffer overflow vulnerability exists in IrfanView version 4.44 32-bit. This vulnerability can be exploited b...

CVSS: 7.8, AI score: 7.7, EPSS: 0.00502
Exploits: 0, References: 1

CVE
added 2017/09/17 9:0 p.m., 51 views

CVE-2017-14510

SugarCRM prior to 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26) contains an unauthenticated cross-site scripting (XSS) vulnerability in the WebToLeadCapture feature. The issue is mitigated by proper validation of redirect URL values. No exploitation ...

CVSS: 6.1, AI score: 6.8, EPSS: 0.01421
Exploits: 1, References: 3, Affected Software: 1

ossfuzz
added 2017/09/16 2:33 a.m., 14 views

wpantund: Dynamic-stack-buffer-overflow in _ZNSt3__16vectorIhNS_9allocatorIhEEE18__construct_at_endIPKhEENS_9enable_ifIXsr2

Project: https://github.com/openthread/wpantund.git Detailed report: https://oss-fuzz.com/testcase?key=6499016432943104 Project: wpantund Fuzzer: libFuzzerwpantundwpantund-fuzz Fuzz target binary: wpantund-fuzz Job Type: libfuzzerasanwpantund Platform Id: linux Crash Type:...

AI score: 6.5
Exploits: 0, Affected Software: 1

BDU FSTEC
added 2017/09/15 12:0 a.m., 3 views

The vulnerability of the mv_read_header function in the multimedia library FFmpeg (libavformat/mvdec.c) allows an attacker to trigger memory consumption and service failure.

The vulnerability of the mv_read_header function in the FFmpeg multimedia library (libavformat/mvdec.c) is related to resource management errors. Exploiting this vulnerability can allow a remote attacker to trigger memory consumption and service failures by using a specially created MV format file...

CVSS: 7.1, AI score: 7.1, EPSS: 0.01822
Exploits: 0, References: 3, Affected Software: 1

exploitpack
added 2017/09/14 12:0 a.m., 11 views

Theater Management Script - SQL Injection

Theater Management Script - SQL Injection Exploit Title: Theater Management Script - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/8o2b4417538/php-scripts/theater-management-script Demo:...

AI score: 0.3
Exploits: 0

Fedora
added 2017/09/13 10:26 p.m., 26 views

[SECURITY] Fedora 26 Update: libwmf-0.2.8.4-53.fc26

A library for reading and converting Windows MetaFile vector graphics (WMF)...

CVSS: 7.5, AI score: 2.6, EPSS: 0.05102
Exploits: 0

seebug.org
added 2017/09/13 12:0 a.m., 2281 views

The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device (BlueBorne)

General Overview: Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. The new vector is dubbed “BlueBorne”, as it spreads through the air (airborne) and attacks devices via...

CVSS: 8.3, AI score: 9.6, EPSS: 0.2285
Exploits: 28

Microsoft CVE
added 2017/09/12 7:0 a.m., 33 views

Windows GDI+ Information Disclosure Vulnerability

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could...

CVSS: 3.3, AI score: 2.9, EPSS: 0.1404
Exploits: 0

CERT
added 2017/09/08 12:0 a.m., 559 views

Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities

Overview: Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying...

CVSS: 6.4, AI score: 4.6, EPSS: 0.00309
Exploits: 0, References: 2

Prion
added 2017/09/07 10:29 p.m., 21 views

Command injection

XSS persistent on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated b...

CVSS: 4.3, AI score: 5.9, EPSS: 0.01438
Exploits: 5, References: 2

Prion
added 2017/09/05 6:29 p.m., 23 views

Heap overflow

An exploitable heap overflow vulnerability exists in the gdkpixbufjpegimageloadincrement functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability...

CVSS: 6.8, AI score: 7.9, EPSS: 0.04599
Exploits: 3, References: 3, Affected Software: 2

Tenable Nessus
added 2017/09/05 12:0 a.m., 20 views

Ubuntu 14.04 LTS : FontForge vulnerabilities (USN-3409-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3409-1 advisory. It was discovered that FontForge was vulnerable to a heap-based buffer over-read. A remote attacker could use a crafted file to DoS or execute arbitrary...

CVSS: 7.8, AI score: 7.8, EPSS: 0.0144
Exploits: 0, References: 9

OSV
added 2017/09/04 3:44 p.m., 4 views

USN-3409-1 fontforge vulnerabilities

It was discovered that FontForge was vulnerable to a heap-based buffer over-read. A remote attacker could use a crafted file to DoS or execute arbitrary code. (CVE-2017-11568, CVE-2017-11569, CVE-2017-11572) It was discovered that FontForge was vulnerable to a stack-based buffer overflow. A remote...

CVSS: 7.8, AI score: 7.1, EPSS: 0.0144
Exploits: 0, References: 9