3714 matches found
CVE-2017-16840
The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service out-of-bounds read because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2encdwt.c...
CVE-2017-16840
CVE-2017-16840 affects FFmpeg 3.0 and 3.4, where the VC-2 video encoder (libavcodec/vc2enc.c and vc2enc_dwt.c) allows a remote attacker to trigger a denial of service via an out-of-bounds read caused by incorrect buffer padding for non-Haar wavelets. The issue has been fixed in FFmpeg 3.4.x relea...
FFmpeg Denial of Service Vulnerability (CNVD-2017-37755)
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team.VC-2 Video Compression encoder is one of the video compression encoders. A security vulnerability exists in the VC-2 Video Compression encoder in FFmpeg version 3.4. A remote attacker can...
[SECURITY] Fedora 27 Update: jbig2dec-0.14-1.fc27
jbig2dec is a decoder implementation of the JBIG2 image compression format. JBIG2 is designed for lossy or lossless encoding of 'bilevel' 1-bit monochrome images at moderately high resolution, and in particular scanned paper documents. In this domain it is very efficient, offering compression...
SSH Compression Error Checking
The remote host supports algorithms that can use compression. But when ssh attempts to use compression for that communication, the connections do not succeed. TRUSTED...
Debian DSA-4013-1 : openjpeg2 - security update
Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks ...
[SECURITY] Fedora 25 Update: openvpn-2.4.4-1.fc25
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...
CVE-2017-15535
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors aka wire protocol compression, which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory...
CVE-2017-15535
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors aka wire protocol compression, which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory...
Design/Logic Flaw
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors aka wire protocol compression, which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory...
UBUNTU-CVE-2017-15535
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors aka wire protocol compression, which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory...
CVE-2017-15535
CVE-2017-15535 affects MongoDB 3.4.x before 3.4.10 and 3.5.x-development in the wire protocol compression feature (networkMessageCompressors), which is disabled by default but if enabled can allow a remote attacker to cause a denial of service or modify memory. Public advisories and updates exist...
CVE-2017-15535
Removed by vendor...
CVE-2017-15535
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors aka wire protocol compression, which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory...
Debian: Security Advisory (DSA-4013-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
7zip HFS+ NArchive::NHfs::CHandler::ExtractZlibFile Code Execution Vulnerability(CVE-2016-2334)
DESCRIPTION An exploitable heap overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip that can lead to arbitrary code execution. TESTED VERSIONS 7-Zip 32 15.05 beta 7-Zip 64 9.20 PRODUCT URLS http://www.7-zip.org/ CVSSv3 SCORE 7.3 -...
[SECURITY] Fedora 25 Update: upx-3.94-1.fc25
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
Apple Image I/O EXR Compression Remote Code Execution Vulnerability(CVE-2016-4630)
SUMMARY An exploitable heap based buffer overflow exists in the handling of EXR images on OS X. A crafted EXR document can lead to a heap based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved EXR file delivered by other means when opened in any...
[SECURITY] Fedora 27 Update: upx-3.94-1.fc27
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
WordPress Smush Image Compression and Optimization plugin <=2.7.5 - File Traversal vulnerability
File Traversal vulnerability found by Ricardo Sánchez in WordPress Smush Image Compression and Optimization plugin versions =2.7.5. Solution Update the WordPress Smush Image Compression and Optimization plugin to the latest available version at least 2.7.6...