openSUSE Security Update : gd (openSUSE-2016-1281)

This update for gd fixes the following security issues : - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp bsc1001900 - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf bsc1004924 -...

[SECURITY] Fedora 24 Update: mingw-libwebp-0.5.1-2.fc24

WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...

Ubuntu: Security Advisory (USN-3117-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS / 16.04 LTS : GD library vulnerabilities (USN-3117-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3117-1 advisory. Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked...

USN-3117-1: GD library vulnerabilities

Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service. CVE-2016-6911 Ke Liu discovered that the GD library incorrectl...

USN-3117-1 libgd2 vulnerabilities

Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service. CVE-2016-6911 Ke Liu discovered that the GD library incorrectl...

The updated packages fix a security vulnerability

Integer overflow in the gdImageWebpCtx function in gdwebp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted imagewebp and...

CVE-2016-7568

An integer overflow flaw, leading to a heap-based buffer overflow, was found in gd. A specially crafted image, when converted to webp, could cause the application to crash or potentially execute arbitrary code...

CVE-2016-7568

Integer overflow in the gdImageWebpCtx function in gdwebp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted imagewebp and...

UBUNTU-CVE-2016-7568

Integer overflow in the gdImageWebpCtx function in gdwebp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted imagewebp and...

Gentoo Security Advisory GLSA 201312-08

Gentoo Linux Local Security Checks GLSA 201312-08 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

The browser cache is Vary broken

Jake, why are your blog posts always so depressing? -- Domenic Denicola @domenic Well, I wouldn't want to disappoint… TL;DR If you use "Vary" to negotiate content, the responses will fight for the same cache space. Additionally, IE ignores "max-age" and Safari is buggy. Content negotiation using...

WebP: User-assisted execution of arbitrary code

Background WebP is a lossy image compression format. Description An integer overflow flaw has been found in WebP. Impact A remote attacker could entice a user to open a specially crafted image in an application linked against WebP, possibly resulting in execution of arbitrary code with the...

GLSA-201312-08 : WebP: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-201312-08 WebP: User-assisted execution of arbitrary code An integer overflow flaw has been found in WebP. Impact : A remote attacker could entice a user to open a specially crafted image in an application linked against WebP,...

Fedora Update for libwebp FEDORA-2013-1490

Check for the Version of libwebp OpenVAS Vulnerability Test Fedora Update for libwebp FEDORA-2013-1490 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

[SECURITY] Fedora 18 Update: libwebp-0.2.1-1.fc18

WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...

Opera Multiple Vulnerabilities-03 Jan13 (Mac OS X)

The host is installed with Opera and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvuln03jan13macosx.nasl 6093 2017-05-10 09:03:18Z teissa $ Opera Multiple Vulnerabilities-03 Jan13 Mac OS X Authors: Antu Sanadi Copyright: Copyright c 2013 Greenbone Networks GmbH...

Opera Multiple Vulnerabilities-03 Jan13 (Windows)

The host is installed with Opera and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvuln03jan13win.nasl 6093 2017-05-10 09:03:18Z teissa $ Opera Multiple Vulnerabilities-03 Jan13 Windows Authors: Antu Sanadi Copyright: Copyright c 2013 Greenbone Networks GmbH,...

Opera Multiple Vulnerabilities-03 (Jan 2013) - Mac OS X

Opera is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2012-6466

Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas...