UBUNTU-CVE-2014-9709

The GetCode function in gdgifin.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function...

unzip: CRC32 verification heap-based buffer overread (oCERT-2014-011)

A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option...

freetype: buffer over-read and integer underflow in tt_face_load_kern()

The ttfaceloadkern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a crafted TrueType font...

freetype: off-by-one buffer over-read in tt_face_load_hdmx()

The ttfaceloadhdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a crafted TrueType font...

SUSE-SU-2015:0669-1 Security update for libssh2_org

The ssh client library libssh2org was updated to fix a security issue. CVE-2015-1782: A malicious server could send a crafted SSHMSGKEXINIT packet, that could lead to a buffer overread and to a crash of the libssh2org using application...

SUSE-SU-2015:0676-1 Security update for libssh2_org

The ssh client library libssh2org was updated to fix a security issue: CVE-2015-1782: A malicious server could send a crafted SSHMSGKEXINIT packet, that could lead to a buffer overread and to a crash of the application using libssh2org. Security Issues: CVE-2015-1782...

hivex: missing checks for small-sized files

It was found that hivex attempted to read, and possibly write, beyond its allocated buffer when reading a hive file with a very small size or with a truncated or improperly formatted content. An attacker able to supply a specially crafted hive file to an application using the hivex library could...

krb5: denial of service flaws when handling RFC 1964 tokens

A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application...

Fedora 21 : unzip-6.0-20.fc21 (2015-2035)

Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread 1174844 - Fix CVE-2014-8140 - out-of-bounds write issue in testcompreb 1174851 - Fix CVE-2014-8141 - getZip64Data out-of-bounds read issues 1174856 - Fix buffer overflow on long file sizes 1191136 - CVE-2014-9636 unzip:...

UBUNTU-CVE-2015-0241

The tochar function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service crash or possibly execute arbitrary code via a 1 large number of digits when processing a numeric...

UBUNTU-CVE-2014-3583

The handleheaders function in modproxyfcgi.c in the modproxyfcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service buffer over-read and daemon crash via long response headers...

DEBIAN-CVE-2014-8710

The decompresssigcompmessage function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted packet...

UBUNTU-CVE-2014-8710

The decompresssigcompmessage function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted packet...

php: heap-based buffer over-read in DateInterval

A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash...

php: multiple buffer over-reads in php_parserr

Multiple buffer over-read flaws were found in the phpparserr function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to crash a PHP application that used the dnsgetrecord function to perform a DNS query...

wireshark: CUPS dissector crash (wnpa-sec-2014-15)

The 1 getquotedstring and 2 getunquotedstring functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service buffer over-read and application crash via a CUPS packet that lacks a trailing '\0' character...

wireshark: CUPS dissector crash (wnpa-sec-2014-15)

The 1 getquotedstring and 2 getunquotedstring functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service buffer over-read and application crash via a CUPS packet that lacks a trailing '\0' character...

krb5: denial of service flaws when handling RFC 1964 tokens

A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application...

php: multiple buffer over-reads in php_parserr

Multiple buffer over-read flaws were found in the phpparserr function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to crash a PHP application that used the dnsgetrecord function to perform a DNS query...

DEBIAN-CVE-2014-6425

The 1 getquotedstring and 2 getunquotedstring functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service buffer over-read and application crash via a CUPS packet that lacks a trailing '\0' character...