GNU Binutils Denial of Service Vulnerability (CNVD-2017-30073)
GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A denial of service vulnerability exists in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library used in GNU Binutils, which can be...
librawspeed: Use-after-poison in void rawspeed::LJpegDecompressor::decodeN<2>
Project: https://github.com/darktable-org/rawspeed.git Detailed report: https://oss-fuzz.com/testcase?key=6010819949101056 Project: librawspeed Fuzzer: afllibrawspeedFiffParserFuzzer-GetDecoder-Decode Fuzz target binary: FiffParserFuzzer-GetDecoder-Decode Job Type: aflasanlibrawspeed Platform Id:...
CVE-2017-14734
The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1...
ImageMagick Denial of Service Vulnerability (CNVD-2017-31147)
ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A denial of service vulnerability exists in the 'sixel_decode' function in the coders/sixel.c file in ImageMagick versi...
DEBIAN-CVE-2017-14626
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c...
UBUNTU-CVE-2017-14626
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c...
FreeBSD : ruby -- multiple vulnerabilities (95b01379-9d52-11e7-a25c-471bafc3262f)
Ruby blog: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf. If a malicious format string which contains a precision specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such a situation, the result may contain heap, or the Ruby...
ALPINE-CVE-2017-14033
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string...
DEBIAN-CVE-2017-13043
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn()...
CVE-2017-13053
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info()...
UBUNTU-CVE-2017-13053
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info()...
UBUNTU-CVE-2017-13043
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn()...
PT-2017-12897
Name of the Vulnerable Software and Affected Versions: tcpdump versions prior to 4.9.2. Description: The issue is related to a buffer over-read in the BGP parser, specifically in the decode_rt_routing_info function within print-bgp.c. Recommendations: For versions prior to 4.9.2, update to version...
Denial of Service Vulnerability in Video Pioneer
Video Pioneer is a software that can play video and audio online based on P2P Cloud 3D technology, supports HTTP, MMS and other streaming protocols, and smoothly plays WMV/asf/MP3/WMA/SWf and other audio and video formats. A denial of service vulnerability exists in AV Pioneer, where an...
Libidn2 'decode_digit' function integer overflow vulnerability
Libidn2 is a package that implements string preprocessing, Punycode, and IDNA specification definitions through the IETF International Domain Name (IDN). An integer overflow vulnerability exists in the 'decode_digit' function of the puny_decode.c file in Libidn2 versions prior to 2.0.4. A remote...
Ruby URI.decode_www_form_component Method Denial of Service Vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. A security vulnerability exists in the URI.decode_www_form_component method in Ruby versions prior to 1.9.2-p330. A remote attacker can exploit this...
CVE-2017-14128
The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file...
GNU Binutils Denial of Service Vulnerability (CNVD-2017-25454)
GNU Binutils (a.k.a. GNU Binary Utilities or binutils) is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives. The Binary File Descriptor (BFD) library a.k.a...
DEBIAN-CVE-2017-14128
The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file...
unrar null pointer dereference vulnerability
unrar (also known as unrar-free or unrar-gpl) is a decompression software used in Linux. A security vulnerability exists in the 'DecodeNumber' function of the unrarlib.c file in unrar version 0.0.1. The vulnerability can be exploited to cause a denial of service (null pointer dereference) with the...