Adobe Acrobat Pro DC TTF Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Photoshop JPEG2000 Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

warning message out-of-buffer read

curl contains a heap out of buffer read vulnerability. The command line tool has a generic function for displaying warning and informational messages to stderr for various situations. For example if an unknown command line argument is used, or passed to it in a "config" file. This display functio...

Security fix for the ALT Linux 8 package curl version 7.62.0-alt1

Oct. 31, 2018 Anton Farygin 7.62.0-alt1 - 7.62.0 - fixes: CVE-2018-16839 - buffer overrun in the SASL authentication code. CVE-2018-16840 - use-after-free in handle close CVE-2018-16842 - warning message out-of-buffer read...

curl -- multiple vulnerabilities

curl security problems: CVE-2018-16839: SASL password overflow via integer overflow libcurl contains a buffer overrun in the SASL authentication code. The internal function Curlauthcreateplainmessage fails to correctly verify that the passed in lengths for name and password aren't too long, then...

curl: FTP PWD response parser out of bounds read

libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double...

DEBIAN-CVE-2018-1056

An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files...

CVE-2018-1056

An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files...

SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2018:1765-1)

This update for ntp fixes the following issues : - Update to 4.2.8p11 bsc1082210 : - CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. - CVE-2018-7182: ctlgetitem: buffer read...

CVE-2018-10623

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote...

Google Android Qualcomm WLAN Information Disclosure Vulnerability (CNVD-2018-22746)

Android on Google Pixel and Nexus is a Linux-based open source operating system for the Google Pixel and Nexus smartphones developed by Google Inc. and the Open Handset Alliance OHA, with Qualcomm WLAN being one of the components used. Qualcomm WLAN is a wireless LAN component developed by Qualco...

[ASA-201805-16] lib32-libcurl-gnutls: multiple issues

Arch Linux Security Advisory ASA-201805-16 ========================================== Severity: Critical Date : 2018-05-18 CVE-ID : CVE-2018-1000300 CVE-2018-1000301 Package : lib32-libcurl-gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-697 Summary ======= Th...

libgxps gxps-images.c File Stack Buffer Out-of-Bounds Read Vulnerability

libgxps is a library for processing XPS documents based on GObject a C-based framework. A stack buffer out-of-bounds read vulnerability exists in the Glib call to the 'gxpsimagesguesscontenttype' function in the gxps-images.c file in libgxps 0.3.0 and earlier, which stems from the program receivi...

Google Android buffer out-of-bounds read vulnerability (CNVD-2018-09626)

Android is a Linux-based open-source operating system jointly developed by Google and the Open Handheld Alliance OHA for short, and Qualcomm MDM9206 and other central processing unit CPU products from Qualcomm are used in different platforms. A buffer out-of-bounds read vulnerability exists in th...

Google Android buffer out-of-bounds read vulnerability (CNVD-2018-10127)

Android is a Linux-based open-source operating system jointly developed by Google and the Open Handheld Alliance OHA, and Qualcomm MSM8909W is a central processing unit CPU product of Qualcomm. A buffer out-of-bounds read vulnerability exists in the Qualcomm closed-source component in Android...

Buffer under-read in String#unpack

Stringunpack receives format specifiers as its parameter, and can be specified the position of parsing the data by the specifier @. If a big number is passed with @, the number is treated as the negative value, and out-of-buffer read is occurred. So, if a script accepts an external input as the...

libming 'getName' function heap buffer out-of-bounds read vulnerability (CNVD-2018-05218)

libming is a Flash SWF output library written in C for use in systems developed in PHP, Perl, etc. It can be used to output Flash SWF files to the system. A heap buffer out-of-bounds read vulnerability exists in the 'getName' function of the util/decompile.c file in libming version 0.4.8. An...

libming 'getName' function heap buffer out-of-bounds read vulnerability

libming is a Flash SWF output library written in C for use in systems developed in PHP, Perl, etc. It can be used to output Flash SWF files to the system. A heap buffer out-of-bounds read vulnerability exists in the 'getName' function of the util/decompile.c file in libming version 0.4.8. An...

[slackware-security] ntp

New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/ntp-4.2.8p11-i586-1slack14.2.txz: Upgraded. This release addresses five security issues in ntpd: LOW/MEDIUM: Sec 3012 /...

FreeBSD : ntp -- multiple vulnerabilities (af485ef4-1c58-11e8-8477-d05099c0ae8c)

Network Time Foundation reports : The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11. This release addresses five security issues in ntpd : - LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU961909: Sybil vulnerability: ephemeral association attack - INFO/MEDIUM: Sec 3412 / CVE-2018-718...