
5956 matches found

Prion
added 2015/03/11 10:59 a.m., 21 views

Information disclosure

The photo-decoder implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly initialize memory for rendering of JXR images, which allows remote attackers t...

CVSS 4.3, AI score 6.3, EPSS 0.07639
Exploits 0, References 3, Affected Software 4
OpenVAS
added 2015/03/11 12:0 a.m., 38 views

Microsoft Windows Photo Decoder Information Disclosure Vulnerability (3035126)

This host is missing an important security update according to Microsoft Bulletin MS15-029. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 4.3, AI score 5, EPSS 0.07639
Exploits 0, References 2
OSV
added 2015/03/10 3:28 p.m., 2 views

USN-2521-1 oxide-qt vulnerabilities

Several out-of-bounds write bugs were discovered in Skia. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program...

CVSS 7.5, AI score 7.7, EPSS 0.03512
Exploits 0, References 19
Tenable Nessus
added 2015/03/10 12:0 a.m., 99 views

MS15-029: Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure (3035126)

The version of Microsoft's Photo Decoder Component installed on the remote Windows host is affected by an information disclosure vulnerability due to improperly handled uninitialized memory when parsing specially crafted JPEG XR .JXR image format files. A remote attacker can exploit this...

CVSS 4.3, AI score 5.5, EPSS 0.07639
Exploits 0, References 2
CNVD
added 2015/03/09 12:0 a.m., 2 views

Google Chrome vpxdecoder Denial of Service Vulnerability

Google Chrome is a web browsing tool developed by Google. A security vulnerability exists in the 'VpxVideoDecoder::VpxDecode' function in the media/filters/vpxvideodecoder.cc file in the vpxdecoder implementation in versions of Google Chrome prior to 41.0.2272.76. ' function in the...

CVSS 5, AI score 6.5, EPSS 0.03512
Exploits 0, References 1
OSV
added 2015/03/08 12:0 a.m., 0 views

UBUNTU-CVE-2015-1224

The VpxVideoDecoder::VpxDecode function in media/filters/vpxvideodecoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of service out-of-bounds...

CVSS 5, AI score 7.3, EPSS 0.03512
Exploits 0, References 6
RedHat Linux
added 2015/03/05 1:59 p.m., 2 views

chromium-browser: Use-after-free in gif decoder

Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size ...

CVSS 6.8, AI score 7.5, EPSS 0.02419
Exploits 0, References 5
Tenable Nessus
added 2015/03/05 12:0 a.m., 42 views

FreeBSD : chromium -- multiple vulnerabilities (8505e013-c2b3-11e4-875d-000c6e25e3e9)

Chrome Releases reports : 51 security fixes in this release, including : - 456516 High CVE-2015-1212: Out-of-bounds write in media. Credit to anonymous. - 448423 High CVE-2015-1213: Out-of-bounds write in skia filters. Credit to cloudfuzzer. - 445810 High CVE-2015-1214: Out-of-bounds write in ski...

CVSS 7.5, AI score 8.2, EPSS 0.03512
Exploits 0, References 22
ArchLinux
added 2015/03/05 12:0 a.m., 41 views

chromium: multiple issues

CVE-2015-1212: Out-of-bounds write in media. - CVE-2015-1213, CVE-2015-1214, CVE-2015-1215: Out-of-bounds write in skia filters. - CVE-2015-1216: Use-after-free in v8 bindings. - CVE-2015-1217: Type confusion in v8 bindings. - CVE-2015-1218: Use-after-free in dom. - CVE-2015-1219: Integer...

CVSS 7.5, AI score 4.8, EPSS 0.03512
Exploits 0, References 21
Tenable Nessus
added 2015/03/05 12:0 a.m., 45 views

Google Chrome < 41.0.2272.76 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 41.0.2272.76. It is, therefore, affected by multiple vulnerabilities as referenced in the 201503stable-channel-update advisory. - Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM...

CVSS 7.5, AI score 8.5, EPSS 0.03512
Exploits 0, References 40
Google Chrome Security Advisories
added 2015/03/03 12:0 a.m., 27 views

Stable Channel Update

The Chrome team is delighted to announce the promotion of Chrome 41 to the stable channel for Windows, Mac and Linux. Chrome 41.0.2272.76 contains a number of fixes and improvements, including: A number of new apps/extension APIs Lots of under the hood changes for stability and performance A list...

CVSS 7.5, AI score 8.4, EPSS 0.03512
Exploits 0, Affected Software 1
Fedora
added 2015/02/28 10:27 a.m., 25 views

[SECURITY] Fedora 20 Update: vorbis-tools-1.4.0-14.fc20

Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The vorbis package contains an encoder, a decoder, a playback tool, and a comment editor...

CVSS 5, AI score 3.6, EPSS 0.01165
Exploits 2
Tenable Nessus
added 2015/02/25 12:0 a.m., 243 views

RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:0264)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0264 advisory. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a...

CVSS 10, AI score 7.1, EPSS 0.93538
Exploits 10, References 83
RedHat Linux
added 2015/02/24 1:44 p.m., 2 views

OpenJDK: DER decoder infinite loop (Security, 8059485)

A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded...

CVSS 5, AI score 6.6, EPSS 0.05601
Exploits 0, References 5
Tenable Nessus
added 2015/02/24 12:0 a.m., 65 views

AIX Java Advisory : java_feb2015_advisory.asc (POODLE)

The version of Java SDK installed on the remote host is affected by the following vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block...

CVSS 10, AI score 6.8, EPSS 0.93538
Exploits 10, References 27
RedHat Linux
added 2015/02/17 10:27 p.m., 2 views

netty: DoS via memory exhaustion during data aggregation

A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service...

CVSS 5, AI score 7.2, EPSS 0.04075
Exploits 0, References 4
Tenable Nessus
added 2015/02/12 12:0 a.m., 49 views

Oracle Java SE 5 < Update 76 / 6 < Update 86 / 7 < Update 73 / 8 < Update 26 Multiple Vulnerabilities

CVSS 10, AI score 5.2, EPSS 0.72836
Exploits 5, References 10
Tenable Nessus
added 2015/02/06 12:0 a.m., 52 views

RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2015:0136)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0136 advisory. - ICU: font parsing OOB read OpenJDK 2D, 8055489 CVE-2014-6585 - ICU: font parsing OOB read OpenJDK 2D, 8056276 CVE-2014-6591 - OpenJDK:...

CVSS 10, AI score 7.2, EPSS 0.72836
Exploits 5, References 21
RedHat Linux
added 2015/02/05 7:34 p.m., 3 views

OpenJDK: DER decoder infinite loop (Security, 8059485)

A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded...

CVSS 5, AI score 6.6, EPSS 0.05601
Exploits 0, References 5
RedHat Linux
added 2015/02/05 7:34 p.m., 2 views

OpenJDK: DER decoder infinite loop (Security, 8059485)

A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded...

CVSS 5, AI score 6.6, EPSS 0.05601
Exploits 0, References 5