7013 matches found
CVE-2018-10963
The TIFFWriteDirectorySec function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726...
Updated libtiff packages fix security vulnerabilities
The TIFFWriteDirectorySec function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726 (CVE-2018-10963). In LibTIFF 4.0.9, a heap-based buffer overflo...
Updated exempi package fixes security vulnerabilities
An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile function in PostScript_Handler.cpp (CVE-2018-7729). An issue was discovered in Exempi through 2.4.4. WEBP_Support.cpp does not check whether a bitstream has a NULL value,...
Denial Of Service (DoS)
libtiff.so is vulnerable to denial of service (DoS) attacks. A malicious user can pass a TIFF file to the TIFFWriteDirectory function in tif_dirwrite.c to cause an assertion failure and application crash...
CVE-2018-10963
CVE-2018-10963 affects LibTIFF: the TIFFWriteDirectorySec() function in tif_dirwrite.c (LibTIFF up to 4.0.9) allows remote attackers to trigger a denial of service (assertion failure and crash) with a crafted TIFF file. Affected versions: LibTIFF ≤ 4.0.9. Remediation: upgrade to LibTIFF 4.0.10 or...
Medium: krb5
Issue Overview: Authentication bypass by improper validation of certificate EKU and SAN. An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to...
Denial Of Service (DoS)
libbind9.so is vulnerable to denial of service (DoS) attacks. The library contains a use-after-free bug in the fctxstoptimer function in the lib/dns/resolver.c file, allowing a malicious user to pass a DNS packet to cause an assertion failure and crash the application...
Scientific Linux Security Update : krb5 on SL7.x x86_64 (20180410)
Security Fixes : - krb5: Authentication bypass by improper validation of certificate EKU and SAN (CVE-2017-7562) - krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure (CVE-2017-11368) Additional Changes : (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux...
Multiple Apple Products WebKit Assertion Failure Vulnerability
Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is an open source web...
Denial Of Service (DoS)
libjasper.so is vulnerable to denial of service (DoS) attacks. A malicious user can pass an image file to the application to cause an assertion error that can crash the application...
Debian DLA-1354-1 : opencv security update
Two vulnerabilities were found in OpenCV, the 'Open Computer Vision Library'. CVE-2018-5268 In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmtjpeg2000.cpp when parsing a crafted image file. CVE-2018-5269 In OpenCV 3.3.1, an...
[SECURITY] [DLA 1354-1] opencv security update
Package : opencv Version : 2.3.1-11+deb7u4 CVE ID : CVE-2018-5268 CVE-2018-5269 Debian Bug : 886674 886675 Two vulnerabilities were found in OpenCV, the "Open Computer Vision Library". CVE-2018-5268 In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in...
Design/Logic Flaw
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and...
CVE-2015-9217
CVE-2015-9217 involves malformed HVEC clips that can trigger an assertion failure in Android devices on Qualcomm Snapdragon platforms (numerous models) prior to the 2018-04-05 security patch level. The issue is described in the CVE entry with a Local attack vector and impacts to confidentiality, ...
PT-2018-1772 · Cisco · Cisco Ftd +2
Name of the Vulnerable Software and Affected Versions: Cisco AnyConnect Secure Mobility Client, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD) Software (affected versions not specified). Description: A vulnerability in the implementation of Security Assertion...
CVE-2018-9303
In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort...
QEMU: VGA: reachable assert failure during display update
An assert failure issue was found in the VGA display emulator built into the Quick Emulator (QEMU). It could occur while updating the graphics display, due to miscalculating the region for the dirty bitmap snapshot in split screen mode. A privileged user/process inside guest could use this flaw to crash the QE...
RHEL 7 : krb5 (RHSA-2018:0666)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0666 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending...