CVE-2016-8707

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered...

CVE-2016-8707

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered...

PT-2016-7555 · Imagemagick +2 · Imagemagick +2

Name of the Vulnerable Software and Affected Versions: ImageMagick affected versions not specified Description: An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility. A crafted TIFF document can lead to an out of bounds write, which i...

Foxit Reader and PhantomPDF Denial of Service Vulnerability (CNVD-2016-10514)

Foxit Reader is a PDF document reader from China's Foxit Software Corporation.Foxit PhantomPDF is a commercial version. A denial of service vulnerability exists in the ConvertToPDF plug-in in Foxit Reader and PhantomPDF versions prior to 8.1 on Windows-based platforms. When the gflags application...

Internet Bug Bounty: CachingIterator null dereference when convert to string

https://bugs.php.net/bug.php?id=73073 Please feel free to ask for more technical details if necessary. Thank you for your consideration...

openSUSE Security Update : systemd (openSUSE-2016-1184)

This update for systemd fixes the following issues : - CVE-2016-7796: A zero-length message received over systemd's notification socket could make managerdispatchnotifyfd return an error and, as a side effect, disable the notification handler completely. As the notification socket is...

SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2016:2476-1)

This update for systemd fixes the following security issue : - CVE-2016-7796: A zero-length message received over systemd's notification socket could make managerdispatchnotifyfd return an error and, as a side effect, disable the notification handler completely. As the notification socket is...

QEMU 'pvscsi_convert_sglist()' local denial of service vulnerability

QEMU is a simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. QEMU 'pvscsiconvertsglist' suffers from a local denial of service vulnerability. An attacker is allowed to exploit this vulnerability to crash the application, resultin...

convert-me.com Open Redirect vulnerability

Vulnerable URL: http://www.convert-me.com/go/yaml/http://www.openbugbounty.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 35263 VIP website status:| Yes Check...

TYPO3 'mso/idna-convert' Library Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 'mso/idna-convert'. Because the program fails to filter user-supplied input, an attacker could exploit the vulnerability to execute arbitrary...

Foxit Reader 'ConvertToPDF' Plugin Information Disclosure Vulnerability

Foxit Reader is a PDF document reader. An information disclosure vulnerability exists in the Foxit Reader 'ConvertToPDF' plug-in. An attacker can exploit the vulnerability to obtain sensitive information...

Foxit Reader ConvertToPDF TIFF Parsing Remote Code Execution Vulnerability

Foxit Reader is China's Foxit Foxit Software Corporation produced a small PDF document viewing and printing program, PhantomPDF is a commercial version. Foxit Reader and PhantomPDF 8.0.0.624, as well as earlier versions of the ConvertToPDF plug-in has a security vulnerability that can be triggere...

TYPO3 'mso/idna-convert' Library Cross Site Scripting Vulnerability (Jul 2016)

TYPO3 is prone to a cross site scripting vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ifdescripti...

Cross-Site Scripting in third party library mso/idna-convert

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-020...

The vulnerability of the PHP interpreter, which allows attackers to trigger a service failure or exert other effects.

The vulnerability of the pharconverttoother function ext/phar/pharobject.c in the PHP interpreter exists due to the lack of checking the file pointer before it is closed. Exploiting this vulnerability could allow a malicious actor to cause service failures or potentially have other effects using ...

openSUSE Security Update : mercurial (openSUSE-2016-609)

This update for mercurial fixes the following issues : Security issue fixed : - CVE-2016-3105: Fixed arbitrary code execution whenusing the convert extension on Git repo. boo978391 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

openSUSE Security Update : librsvg (openSUSE-2016-608)

This librsvg update to version 2.40.15 fixes the following issues : Security issues fixed : - CVE-2016-4348: DoS parsing SVGs with circular definitions rsvgcssnormalizefontsize function boo977986 Bugs fixed : - Actually scale the image if required, regression fix from upstream git bgo760262. -...

MariaDB Server 10.0.x < 10.0.22 Multiple DoS Vulnerabilities

Binary data 9284.prm...

DEBIAN-CVE-2016-3105

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...

CVE-2016-3105

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...