Apple QuickTime 7.2/7.3 RTSP Response Universal Exploit (IE7/FF/Opera)

No description provided by source. !/usr/bin/python http://www.offensive-security.com Bug discovered by Krystian Kloskowski h07 [email protected] Tested on: Apple QuickTime Player 7.3 / 7.2 IE7,FF /Opera, XP SP2, Vista...

[SECURITY] Fedora Core 6 Update: flac-1.1.2-28

FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, flac, a command-line program to encode and decode FLAC files, metaflac, a command-line...

RHEL 4 / 5 : flac (RHSA-2007:0975)

An updated flac package to correct a security issue is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC encoder and...

flac, xmms security update

CentOS Errata and Security Advisory CESA-2007:0975 An updated flac package to correct a security issue is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. FLAC is a Free Lossless Audio Codec...

CVE-2007-4619

Multiple integer overflows in Free Lossless Audio Codec FLAC libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer...

Integer overflow

Multiple integer overflows in Free Lossless Audio Codec FLAC libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer...

CVE-2007-4619

Multiple integer overflows in Free Lossless Audio Codec FLAC libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer...

[ GLSA 200708-02 ] Xvid: Array indexing vulnerabilities

Gentoo Linux Security Advisory GLSA 200708-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

Xvid: Array indexing vulnerabilities

Background Xvid is a popular open source video codec licensed under the GPL. Description Trixter Jack discovered an array indexing error in the getintrablock function in the file src/bitstream/mbcoding.c. The getinterblockh263 and getinterblockmpeg functions in the same file were also reported as...

LibTIFF库匿名字段合并拒绝服务漏洞

Libtiff是一种TIFF规范的标准ANSI C实现库。 Libtiff处理定制标记存在问题，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 建立匿名字段在前，合并CODEC信息的字段可导致recognised字段出现不期望的值，这种状态可导致异常行为，导致应用程序崩溃或任意代码执行等问题。 S.u.S.E. UnitedLinux 1.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x8664 S.u.S.E. Linux...

Debian DSA-1215-1 : xine-lib - several vulnerabilities

Several remote vulnerabilities have been discovered in the Xine multimedia library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4799 The XFocus Security Team discovered that insufficient...

Debian DSA-1213-1 : imagemagick - several vulnerabilities

Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation programs, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0082 Daniel Kobras discovered that...

[SECURITY] [DSA 1213-1] New imagemagick packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1213-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 19th, 2006 http://www.debian.org/security/faq -...

Apple QuickTime Player H.264 Codec Remote Integer Overflow

Apple QuickTime Player H.264 Codec Remote Integer Overflow by Piotr Bania [email protected] http://www.piotrbania.com All rights reserved. Severity: Critical - potencial remote code execution. CVE: CVE-2006-4386 Orginal URL:...

Multiple libtiff security vulnerabilities

Denial of service via a TIFF image that triggers errors in the TIFFFetchAnyArray function in tifdirread.c; certain "codec cleanup methods" in tiflzw.c, tifpixarlog.c, and tifzip.c; and improper restoration of setfield and getfield methods in cleanup functions within tifjpeg.c, tifpixarlog.c,...

CVE-2006-2024

Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in 1 the TIFFFetchAnyArray function in a tifdirread.c; 2 certain "codec cleanup methods" in b tiflzw.c, c tifpixarlog.c, and d tifzip.c; 3 and...

CVE-2006-2024

Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in 1 the TIFFFetchAnyArray function in a tifdirread.c; 2 certain "codec cleanup methods" in b tiflzw.c, c tifpixarlog.c, and d tifzip.c; 3 and...

CVE-2006-2024

CVE-2006-2024 refers to multiple vulnerabilities in the libtiff library prior to 3.8.1. Public sources describe issues in TIFF parsing that can allow a context-dependent attacker to trigger a denial of service; related problems include an integer overflow (CVE-2006-2025) and a double-free (CVE-20...

CVE-2006-2024

Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in 1 the TIFFFetchAnyArray function in a tifdirread.c; 2 certain "codec cleanup methods" in b tiflzw.c, c tifpixarlog.c, and d tifzip.c; 3 and...

Ubuntu 4.10 : xine-lib vulnerabilities (USN-42-1)

Several buffer overflows have been discovered in xine-lib, the video/audio codec library for Xine frontends xine-ui, totem-xine, kaffeine, and others. If an attacker tricked a user into loading a malicious RTSP stream or a stream with specially crafted AIFF audio or PNM image data, they could...