win32k Clipboard Bitmap - Use-After-Free
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=533 This PoC triggers a crash on Windows 7 32-bit with Special Pool enabled on win32k.sys. The kernel crashes due to a use-after-free condition with bitmaps in the...
win32k Clipboard Bitmap - Use-After-Free
win32k Clipboard Bitmap - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=533 This PoC triggers a crash on Windows 7 32-bit with Special Pool enabled on win32k.sys. The kernel crashes due to a use-after-free condition with bitmaps in the clipboard. ---...
win32k Clipboard Bitmap - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=533 This PoC triggers a crash on Windows 7 32-bit with Special Pool enabled on win32k.sys. The kernel crashes due to a use-after-free condition with bitmaps in the clipboard. --- Note that multiple PoC executions and...
Autodesk Design Review BMP RLE Remote Code Execution Vulnerability
Autodesk Design Review is free DWF viewer software. A security vulnerability exists in Autodesk Design Review's handling of BMP files due to a failure to ensure that run-length encoded data is not written outside of an allocated buffer. An attacker could exploit this vulnerability to execute arbitrar...
Autodesk Design Review BMP biClrUsed Remote Code Execution Vulnerability
Autodesk Design Review is free DWF viewer software. Autodesk Design Review suffers from a security vulnerability in the handling of BMP files due to an integer overflow test failure when multiplying the biClrUsed value by four. An attacker could exploit this vulnerability to execute arbitrary cod...
flash-plugin: multiple code execution issues fixed in APSB15-32
Integer overflow in the Shader filter implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow...
[SECURITY] Fedora 22 Update: potrace-1.13-2.fc22
Potrace is a utility for tracing a bitmap, which means, transforming a bitmap into a smooth, scalable image. The input is a bitmap (PBM, PGM, PPM, or BMP format), and the default output is an encapsulated PostScript file (EPS). A typical use is to create EPS files from scanned data, such as company ...
[SECURITY] Fedora 23 Update: potrace-1.13-2.fc23
Potrace is a utility for tracing a bitmap, which means, transforming a bitmap into a smooth, scalable image. The input is a bitmap (PBM, PGM, PPM, or BMP format), and the default output is an encapsulated PostScript file (EPS). A typical use is to create EPS files from scanned data, such as company ...
Samsung Galaxy S6 Edge Memory Corruption Vulnerability
Samsung Galaxy S6 Edge is a smartphone released by Samsung (South Korea). A security vulnerability exists in the media scanning feature of the face recognition library in android.media.process in versions of the Samsung Galaxy S6 Edge before G925VVRU4B0G9. A remote attacker can exploit...
CVE-2015-7897
The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file...
Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash
Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash Source: https://code.google.com/p/google-security-research/issues/detail?id=497 Loading the bitmap bmpmemset.bmp can cause a crash due to a memset writing out of bounds. I/DEBUG 2961: pid: 12383, tid: 12549, name: thread-pool-1...
Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash
Source: https://code.google.com/p/google-security-research/issues/detail?id=497 Loading the bitmap bmpmemset.bmp can cause a crash due to a memset writing out of bounds. I/DEBUG 2961: pid: 12383, tid: 12549, name: thread-pool-1 com.sec.android.gallery3d I/DEBUG 2961: signal 11 SIGSEGV, code 2...
libwmf: heap overflow within the RLE decoding of embedded BMP images
It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileg...
USN-2751-1 linux-lts-vivid vulnerabilities
Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmapinfo.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. (CVE-2015-5697) Marc-André Lureau discovered that the vhost driver did not properly...
USN-2748-1 linux vulnerabilities
Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmapinfo.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. (CVE-2015-5697) Marc-André Lureau discovered that the vhost driver did not properly...
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1) Source: https://code.google.com/p/google-security-research/issues/detail?id=293 Platform: Win7 32-bit. trigger.cpp should fire the issue, with two caveats: - PoC will NOT work if compiled as a debug build. - PoC will trigger the...
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2) Source: https://code.google.com/p/google-security-research/issues/detail?id=311 Bitmap object Use-after-Free 2 The attached PoC triggers a blue screen due to a use after free vulnerability. The crashes are unreliable, however yo...
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)
Source: https://code.google.com/p/google-security-research/issues/detail?id=311 Bitmap object Use-after-Free 2 The attached PoC triggers a blue screen due to a use after free vulnerability. The crashes are unreliable, however you can use Special Pool in order to get reliable crashes. The crashes...
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Source: https://code.google.com/p/google-security-research/issues/detail?id=293 Platform: Win7 32-bit. trigger.cpp should fire the issue, with two caveats: - PoC will NOT work if compiled as a debug build. - PoC will trigger the condition every time but the subsequent corruption might not cause a...
libXfont: missing range check in bdfReadProperties
An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server...