UBUNTU-CVE-2018-11203

A division by zero was discovered in H5Dbtreedecodekey in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack...

UBUNTU-CVE-2018-11206

An out of bounds read was discovered in H5Ofillnewdecode and H5Ofillolddecode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack...

DEBIAN-CVE-2018-11203

A division by zero was discovered in H5Dbtreedecodekey in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack...

PT-2018-10396 · Hdf +2 · Hdf5 +2

Name of the Vulnerable Software and Affected Versions: HDF5 version 1.10.2 Description: An out of bounds read was discovered in the H5O fill new decode and H5O fill old decode functions in the H5Ofill.c file of the HDF5 library. This issue could allow a remote denial of service or information...

qpid-proton/fuzz-message-decode: Heap-buffer-overflow in pni_decoder_decode_value

Project: https://github.com/apache/qpid-proton.git Detailed report: https://oss-fuzz.com/testcase?key=5311329584807936 Project: qpid-proton Fuzzer: aflqpid-protonfuzz-message-decode Fuzz target binary: fuzz-message-decode Job Type: aflasanqpid-proton Platform Id: linux Crash Type:...

MiniUPnP ngiflib Denial of Service Vulnerability

MiniUPnP is a set of UPnP tools developed by MiniUPnP project that can be used in embedded systems. This tool enables devices in home and corporate networks to connect to each other. ngiflib is one of the GIF image format decoding libraries written in C language. A security vulnerability in the...

DEBIAN-CVE-2016-9601

ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2decodegrayscaleimage function which is used to decode halftone segments in a JBIG2 image. A document PostScript or PDF with an embedded, specially crafted, jbig2 image could trigge...

CVE-2016-9601

ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2decodegrayscaleimage function which is used to decode halftone segments in a JBIG2 image. A document PostScript or PDF with an embedded, specially crafted, jbig2 image could trigge...

Ffmpeg Denial of Service Vulnerability (CNVD-2018-08557)

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'decodeinit' function in the libavcodec/utvideodec.c file in FFmpeg 3.4.2 and earlier versions. A remote attacker can exploit this vulnerability to...

tcpdump: Buffer over-read in print-ospf6.c:ospf6_decode_v3() in OSPFv3 parser

The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6decodev3...

tcpdump: Buffer over-read in print-bgp.c:decode_rt_routing_info() in BGP parser

The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decodertroutinginfo...

SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)

This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed : - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file...

DEBIAN-CVE-2018-9133

ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions coders/tiff.c, which results in a hang tens of minutes with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file...

UBUNTU-CVE-2018-9133

ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions coders/tiff.c, which results in a hang tens of minutes with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file...

Important: Red Hat Security Advisory: rh-ruby23-ruby security, bug fix, and enhancement update

An update for rh-ruby23-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

CVE-2018-8905

In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tiflzw.c via a crafted TIFF file, as demonstrated by tiff2ps...

UBUNTU-CVE-2018-8905

In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tiflzw.c via a crafted TIFF file, as demonstrated by tiff2ps...

Directory traversal

The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did no...

RHEL 7 : ruby (RHSA-2018:0378)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0378 advisory. - ruby: Buffer underrun vulnerability in Kernel.sprintf CVE-2017-0898 - rubygems: Escape sequence in the summary field of gemspec...

Ffmpeg Denial of Service Vulnerability (CNVD-2018-06423)

FFmpeg is a set of open source computer programs that can be used to record, convert digital audio and video to streams under the LGPL or GPL license. A denial of service vulnerability exists in the decodeinit function in libavcodec/utvideodec.c in Ffmpeg versions 3.4.2 and earlier. A remote...