Stack overflow

An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow...

CVE-2007-4674

An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow...

CVE-2007-4674

An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow...

Heap overflow

The chunksplit function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is...

CVE-2007-4661

CVE-2007-4661 affects PHP 5.2.3: the chunk_split function miscomputes the required buffer size due to precision loss in floating point arithmetic, which can lead to a heap-based buffer overflow. The description notes this stems from an incomplete fix for CVE-2007-2872 and lists the impact as unkn...

Code injection

PHPIDS before 20070703 does not properly handle 1 arithmetic expressions and 2 unclosed comments, which allows remote attackers to inject arbitrary web script...

CVE-2007-3578

PHPIDS before 20070703 does not properly handle 1 arithmetic expressions and 2 unclosed comments, which allows remote attackers to inject arbitrary web script...

Mandrake Linux Security Advisory : libtiff (MDKSA-2006:137)

Tavis Ormandy, Google Security Team, discovered several vulnerabilities the libtiff image processing library : Several buffer overflows have been discovered, including a stack buffer overflow via TIFFFetchShortPair in tifdirread.c, which is used to read two unsigned shorts from the input file...

Debian DSA-1137-1 : tiff - several vulnerabilities

Tavis Ormandy of the Google Security Team discovered several problems in the TIFF library. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2006-3459 Several stack-buffer overflows have been discovered. - CVE-2006-3460 A heap overflow vulnerability in the...

Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)

TIFF library libtiff before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic...

CVE-2006-3464

TIFF library libtiff before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic...

DEBIAN-CVE-2006-3464

TIFF library libtiff before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic...

CVE-2006-3464

TIFF library libtiff before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic...

[SECURITY] [DSA 1137-1] New tiff packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1137-1 [email protected] http://www.debian.org/security/ Martin Schulze August 2nd, 2006 http://www.debian.org/security/faq -...

CVE-2006-0037

ipnatpptp in the PPTP NAT helper netfilter/ipnathelperpptp.c in Linux kernel 2.6.14, and other versions, allows local users to cause a denial of service memory corruption or crash via a crafted outbound packet that causes an incorrect offset to be calculated from pointer arithmetic when non-linea...

CVE-2006-0037

ipnatpptp in the PPTP NAT helper netfilter/ipnathelperpptp.c in Linux kernel 2.6.14, and other versions, allows local users to cause a denial of service memory corruption or crash via a crafted outbound packet that causes an incorrect offset to be calculated from pointer arithmetic when non-linea...

Mandrake Linux Security Advisory : wxPythonGTK (MDKSA-2005:144)

Wouter Hanegraaff discovered that the TIFF library did not sufficiently validate the 'YCbCr subsampling' value in TIFF image headers. Decoding a malicious image with a zero value resulted in an arithmetic exception, which can cause a program that uses the TIFF library to crash. wxPythonGTK uses a...

zgv: Multiple buffer overflows

Background zgv is a console image viewer based on svgalib. Description Multiple arithmetic overflows have been detected in the image processing code of zgv. Impact An attacker could entice a user to open a specially-crafted image file, potentially resulting in execution of arbitrary code with the...

zgv -- exploitable heap overflows

infamous41md reports: zgv uses malloc frequently to allocate memory for storing image data. When calculating how much to allocate, user supplied data from image headers is multiplied and/or added without any checks for arithmetic overflows. We can overflow numerous calculations, and cause small...