jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_

JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash...

Mozilla: Out-of-bounds write during BinHex decoding (MFSA 2017-11, MFSA 2017-12)

An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

EulerOS 2.0 SP2 : nss, nss-util (EulerOS-SA-2017-1076)

According to the version of the nss, nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create...

EulerOS 2.0 SP1 : nss, nss-util (EulerOS-SA-2017-1075)

According to the version of the nss, nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create...

PT-2017-18299 · Underbit Technologies +1 · Libmad +1

Name of the Vulnerable Software and Affected Versions: libmad version 0.15.1b Description: The issue allows remote attackers to cause a denial of service, which can lead to a heap-based buffer overflow and application crash, or possibly have other unspecified impacts. This is achieved through a...

Ubuntu: Security Advisory (USN-3270-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : nss / nss-util (ALAS-2017-825)

An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an...

openSUSE Security Update : ffmpeg (openSUSE-2017-524)

This update for ffmpeg to version 3.3 fixes several issues. These security issues were fixed : - CVE-2016-10190: Heap-based buffer overflow in libavformat/http.c in FFmpeg allowed remote web servers to execute arbitrary code via a negative chunk size in an HTTP response boo1022920 - CVE-2016-1019...

Ubuntu 14.04 LTS / 16.04 LTS : NSS vulnerabilities (USN-3270-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3270-1 advisory. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker...

USN-3270-1: NSS vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key...

USN-3270-1 nss vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key...

Critical: nss, nss-util

Issue Overview: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the...

openSUSE Security Update : Mozilla Firefox (openSUSE-2017-509)

Mozilla Firefox was updated to Firefox 52.1.0esr. The following vulnerabilities were fixed bsc1035082 : - CVE-2017-5443: Out-of-bounds write during BinHex decoding - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption wi...

Scientific Linux Security Update : nss-util on SL6.x, SL7.x x86_64 (20170420)

Security Fixes : - An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of th...

Mozilla: Out-of-bounds write during BinHex decoding (MFSA 2017-11, MFSA 2017-12)

An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

FreeBSD : NSS -- multiple vulnerabilities (4cb165f0-6e48-423e-8147-92255d35c0f7)

Mozilla Foundation reports : An out-of-bounds write during Base64 decoding operation in the Network Security Services NSS library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to addres...

Mozilla: Out-of-bounds write during BinHex decoding (MFSA 2017-11, MFSA 2017-12)

An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)

An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an...

nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)

An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an...

Critical: Red Hat Security Advisory: nss-util security update

An update for nss-util is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6...