Updated xkbcomp packages fix security vulnerabilities

Endless recursion in xkbcomp/expr.c resulting in a crash. CVE-2018-15853 NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash. CVE-2018-15859 NULL pointer dereference in ExprResolveLhs resulting in a crash. CVE-2018-15861 NULL pointer dereference in...

SUSE CVE-2017-2926

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution...

CVE-2019-10590

Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

Improper access control

Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

DEBIAN-CVE-2018-15859

Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash NULL pointer dereference the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled...

flash-plugin: multiple code execution issues fixed in APSB17-02

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution...

UBUNTU-CVE-2014-7908

Multiple integer overflows in the CheckMov function in media/base/containernames.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in 1 MPEG-4 or 2 QuickTime .mov data...

RealNetworks RealPlayer AAC MLLT Atom Parsing Remote Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing an .AAC...

Microsoft DirectShow Quicktime Atom Parsing Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a target must visit a malicious page or open a malicious video file. The specific flaw exists within the parsing of the length records of...

Secunia Research: Microsoft PowerPoint Atom Parsing Buffer Overflows

====================================================================== Secunia Research 12/05/2009 - Microsoft PowerPoint Atom Parsing Buffer Overflows - ====================================================================== Table of Contents Affected...

xinelib library integer overflow

Integer overflow on Quicktime XTTS atom parsing...

ZDI-08-060: Apple QuickTime AVC1 Atom Parsing Heap Overflow Vulnerability

ZDI-08-060: Apple QuickTime AVC1 Atom Parsing Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-060 September 9, 2008 -- CVE ID: CVE-2008-3627 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPointTM IPS Customer Protection: TippingPoint IPS...

ZDI-08-016: Apple QuickTime MP4A Atom Parsing Heap Corruption Vulnerability

ZDI-08-016: Apple QuickTime MP4A Atom Parsing Heap Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-016 April 3, 2008 -- CVE ID: CVE-2008-1018 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime 7.4.1 -- TippingPointTM IPS Customer Protection: TippingPoint...

Apple QuickTime MP4A Atom Parsing Heap Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the parsing of the QuickTime Channel Composit...