1399 matches found
DSA-3673-1 openssl - security update
Bulletin has no description...
PT-2016-3191 · Zlib +9
Name of the Vulnerable Software and Affected Versions: zlib version 1.2.8 Description: The issue is caused by improper pointer arithmetic in the inftrees.c component of the zlib library. This could allow a remote attacker to exploit the vulnerability, potentially leading to unspecified impact,...
Scientific Linux Security Update : libarchive on SL6.x i386/x86_64 (20160912)
Security Fixes: - A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive...
Important: Red Hat Security Advisory: libarchive security update
An update for libarchive is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
Microsoft GDI+ - ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097)
Exploit for Windows platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=826 The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like EMF files, which may embed bitmaps in records such as EMR_PLGBLT...
Microsoft Windows - GDI+ ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=826 The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like EMF files, whi...
Microsoft Windows - GDI+ DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=824 The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like EMF files, which may embed bitmaps in records such as EMR_PLGBLT, EMR_BITBLT, EMR_STRETCHBLT, EMR_STRETCHDIBITS etc. T...
Microsoft Windows - GDI+ ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=826 The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like EMF files, which may embed bitmaps in records such as EMR_PLGBLT, EMR_BITBLT, EMR_STRETCHBLT, EMR_STRETCHDIBITS etc. I...
openSUSE Security Update : GraphicsMagick (openSUSE-2016-984)
This update for GraphicsMagick fixes the following issues: - CVE-2014-9805: SEGV due to a corrupted pnm file (boo#983752) - CVE-2016-5240: SVG converting issue resulting in DoS (endless loop) (boo#983309) - CVE-2016-5241: Arithmetic exception (div by 0) in SVG conversion (boo#983455) - CVE-2014-9846: Overflo...
MGASA-2016-0252 Updated graphicsmagick packages fix security vulnerability
A read out-of-bound in the parsing of gif files using GraphicsMagick (CVE-2015-8808). - Infinite loop caused by converting a circularly defined svg file (CVE-2016-5240). - Fix another case of CVE-2016-2317 (heap buffer overflow in the MVG rendering code, also impacts SVG). - arithmetic exception...
OpenSSL Multiple Vulnerabilities - 19 (Jun 2016) - Windows
OpenSSL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:openssl:openssl"; if(description)...
DEBIAN-CVE-2016-2177
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr....
CVE-2016-2177
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr....
OpenSSL Denial of Service Vulnerability
OpenSSL is an open-source, general-purpose cryptographic library developed by the OpenSSL team. It implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols and supports a wide range of cryptographic algorithms including symmetric ciphers, hash...
A vulnerability in the PHP interpreter allows attackers to trigger a service failure or execute arbitrary code.
The vulnerability in the make_http_soap_request function (ext/soap/php_http.c) of the PHP interpreter is related to pointer arithmetic errors. Exploiting this vulnerability could allow a malicious actor to cause a service failure (pointer arithmetic errors, application termination) or execute arbitrary co...
Internet Bug Bounty: CVE-2016-2177 Undefined pointer arithmetic in SSL code
1.0.2 version here: https://github.com/openssl/openssl/commit/a004e72b95835136d3f1ea90517f706c24c03da7 1.0.1 version here: https://github.com/openssl/openssl/commit/6f35f6deb5ca7daebe289f86477e061ce3ee5f46 These will get listed in the next security advisory and rolled up in the next release...
Vulnerability in OpenSSL - Pointer arithmetic undefined behaviour
Avoid some undefined pointer arithmetic. A common idiom in the codebase is to check limits in the following manner: “p + len > limit”, where “p” points to some malloc’d data of SIZE bytes and limit == p + SIZE. “len” here could be from some externally supplied data (e.g. from a TLS message). The rules o...
Mental Arithmetic Math Workout - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Mental Arithmetic Math Workout published at the 'play' market has multiple vulnerabilities...
A vulnerability in the Firefox browser that allows an attacker to trigger a service failure or cause other effects
The vulnerability in the srtp_unprotect function of the Firefox WebRTC implementation arises from a loss of precision in integer arithmetic. Exploiting this vulnerability can allow a remote attacker to cause a service failure or other effects such as memory corruption...