65 matches found
CVE-2016-5296
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...
UBUNTU-CVE-2016-5296
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...
CVE-2014-9799
The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 2013 devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protectio...
CVE-2014-9799
The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 2013 devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protectio...
Integer overflow
The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 2013 devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protectio...
CVE-2014-9799
CVE-2014-9799 concerns Android on Nexus 5 and 7 (2013) devices before 2016-07-05, where a Qualcomm makefile omits -fno-strict-overflow, potentially enabling local privilege escalation via crafted apps that exploit incorrect compiler optimization of an integer-overflow protection mechanism. The is...
CVE-2016-4472
CVE-2016-4472 affects the Expat XML parser: overflow protections can be removed by compilers with certain optimizations, allowing remote attackers to cause a crash or potentially execute code via crafted XML. The entry notes this stems from an incomplete fix for CVE-2015-1283 and CVE-2015-2716. C...
expat2 -- denial of service
Adam Maris reports: It was found that original patch for issues CVE-2015-1283 and CVE-2015-2716 used overflow checks that could be optimized out by some compilers applying certain optimization settings, which can cause the vulnerability to remain even after applying the patch...
CVE-2016-4053
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes ESI responses, related to incorrect use of assert and compiler optimization...
CVE-2016-4053
CVE-2016-4053 in Squid allowed public information disclosure of the server stack layout when processing ESI responses. The issue is documented across multiple advisories (Debian, Red Hat/CentOS, Fedora, Amazon ALAS) with fixes in various branches: Debians fixed squid3 3.1.20-2.2+deb7u5; Jessie/St...
Mandriva Linux Security Advisory : clamav (MDVSA-2015:042)
Updated clamav packages fix security vulnerabilities : ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs : Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a...
MGASA-2015-0056 Updated clamav packages fix security vulnerabilities
ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs: Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a heap out of bounds condition with crafted mew packer file...
Updated clamav packages fix security vulnerabilities
ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs: Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a heap out of bounds condition with crafted mew packer file...
CVE-2015-1463
ClamAV before 0.98.6 allows remote attackers to cause a denial of service crash via a crafted petite packer file, related to an "incorrect compiler optimization."...
Design/Logic Flaw
ClamAV before 0.98.6 allows remote attackers to cause a denial of service crash via a crafted petite packer file, related to an "incorrect compiler optimization."...
CVE-2015-1463
ClamAV before 0.98.6 allows remote attackers to cause a denial of service crash via a crafted petite packer file, related to an "incorrect compiler optimization."...
UBUNTU-CVE-2015-1463
ClamAV before 0.98.6 allows remote attackers to cause a denial of service crash via a crafted petite packer file, related to an "incorrect compiler optimization."...
CVE-2015-1463
ClamAV before 0.98.6 allows remote attackers to cause a denial of service crash via a crafted petite packer file, related to an "incorrect compiler optimization."...
CVE-2013-5180
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveragi...
Design/Logic Flaw
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveragi...