Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Cognos Controller

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Cognos Controller. IBM Cognos Controller has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2105 DESCRIPTION: OpenSSL is vulnerable to a heap-based buffer overflow,...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ (CVE-2016-2106, CVE-2016-2109)

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM WebSphere MQ. IBM WebSphere MQ has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2106 DESCRIPTION: OpenSSL is vulnerable to a heap-based buffer overflow, caused by...

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM MQ Appliance

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM MQ Appliance. IBM MQ Appliance has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on...

kernel: Incorrect type conversion for size during dma allocation

A flaw was found where the kernel truncated the value used to indicate the size of a buffer which it would later become zero using an untruncated value. This can corrupt memory outside of the original allocation...

The vulnerability of the libavc library in the Media Framework component of the Android operating system allows a hacker to trigger a service failure.

The vulnerability of the libavc library in the Media Framework component of the Android operating system is related to improper error handling during memory allocation. Exploiting this vulnerability could allow a malicious actor to cause service failure remotely...

Updated libplist packages fix security vulnerability

The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service buffer over-read via split encoded Apple Property List data CVE-2017-5209. The main function in plistutil.c in libimobiledevice libplist allowed attackers to...

MGASA-2018-0025 Updated libplist packages fix security vulnerability

The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service buffer over-read via split encoded Apple Property List data CVE-2017-5209. The main function in plistutil.c in libimobiledevice libplist allowed attackers to...

Denial Of Service (DoS)

ImageMagick is vulnerable to denial of service DoS attacks. A malicious user can pass a WPG image file to the application, causing a heap allocation error that can crash the application...

CVE-2017-12957

There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service...

CVE-2017-11331

The wavopen function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service memory allocation error via a crafted wav file...

Xiph.Org vorbis-tools 'wav_open' function denial of service vulnerability

Xiph.Org vorbis-tools is a set of Ogg an audio compression format vorbis tools. A security vulnerability exists in the 'wavopen' function of the oggenc/audio.c file in Xiph.Org vorbis-tools version 1.4.0. A remote attacker can exploit this vulnerability to cause a denial of service memory...

Design/Logic Flaw

The wavopen function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service memory allocation error via a crafted wav file...

CVE-2017-11331

The wavopen function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service memory allocation error via a crafted wav file...

CVE-2017-11331

The wavopen function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service memory allocation error via a crafted wav file...

UBUNTU-CVE-2017-11331

The wavopen function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service memory allocation error via a crafted wav file...

CVE-2017-11331

The wavopen function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service memory allocation error via a crafted wav file...

CVE-2017-11331

The wavopen function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service memory allocation error via a crafted wav file...

CVE-2017-11331

CVE-2017-11331 affects Xiph.Org vorbis-tools 1.4.0; the wav_open function in oggenc/audio.c can be triggered by a crafted WAV file to cause a denial of service via memory allocation error. Multiple connected sources (CNVD-2017-19461, OSV CVE-2017-11331, OSV) corroborate a remote-exploitation vect...

PT-2017-11931 · Xiph.Org +2 · Vorbis-Tools +2

Name of the Vulnerable Software and Affected Versions: vorbis-tools version 1.4.0 Description: The issue allows remote attackers to cause a denial of service, specifically a memory allocation error, by using a crafted wav file. This is related to the wav open function in oggenc/audio.c...

Vorbis Tools oggenc 1.4.0 - .wav Denial of Service

Vorbis Tools oggenc 1.4.0 - .wav Denial of Service vorbis-tools oggenc vulnerability ================ Author : qflb.wu =============== Introduction: ============= The Vorbis Tools package contains command-line tools useful for encoding, playing or editing files using the Ogg CODEC. Affected...