DEBIAN-CVE-2016-9480

libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarfutil.c component, aka DW201611-006...

PT-2016-3347

Name of the Vulnerable Software and Affected Versions libxml2 version 2.9.4 Description The issue is related to the htmlParseTryOrFinish function in HTMLparser.c in libxml2, which allows attackers to cause a denial of service buffer over-read or information disclosure. This is due to a buffer...

LibTIFF tools/tiffcrop.c integer overflow vulnerability

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A security vulnerability exists in libtiff version 4.0.6 in tools/tiffcrop.c, which can be...

DEBIAN-CVE-2016-9374

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable...

UBUNTU-CVE-2016-9374

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable...

php: Out-of-bounds memory read via gdImageRotateInterpolated

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted image file could cause a PHP application using the imagerotate function to disclose portions of the server memory or crash the PHP application...

php: Buffer over-read in php_url_parse_ex

The phpurlparseex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via vectors involving the smartstr data type...

CVE-2016-9136

Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 allows context-dependent attackers to obtain sensitive information by using the "crafted JavaScript" approach, related to a "Buffer Over-read" issue...

UBUNTU-CVE-2016-9136

Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 allows context-dependent attackers to obtain sensitive information by using the "crafted JavaScript" approach, related to a "Buffer Over-read" issue...

DEBIAN-CVE-2016-3621

The LZWEncode function in tiflzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service buffer over-read via a crafted BMP image...

DEBIAN-CVE-2016-3620

The ZIPEncode function in tifzip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service buffer over-read via a crafted BMP image...

UBUNTU-CVE-2016-3620

The ZIPEncode function in tifzip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service buffer over-read via a crafted BMP image...

DEBIAN-CVE-2016-3619

The DumpModeEncode function in tifdumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service buffer over-read via a crafted BMP image...

UBUNTU-CVE-2016-3619

The DumpModeEncode function in tifdumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service buffer over-read via a crafted BMP image...

UBUNTU-CVE-2016-3621

The LZWEncode function in tiflzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service buffer over-read via a crafted BMP image...

openssl: Insufficient TLS session ticket HMAC length checks

An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets...

Wireshark Catapult DCT2000 Parser Denial of Service Vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial of service vulnerability exists in the epan/dissectors/packet-catapult-dct2000....

DEBIAN-CVE-2016-3881

The decoderpeeksiinternal function in vp9/vp9dxiface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service buffer over-read, and device hang or reboot vi...

UBUNTU-CVE-2016-3881

The decoderpeeksiinternal function in vp9/vp9dxiface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service buffer over-read, and device hang or reboot vi...

UBUNTU-CVE-2016-7177

epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted packet...