[SECURITY] [DLA 253-1] libwmf security update
Package: libwmf; Version: 0.2.8.4-6.2+deb6u1; CVE ID: CVE-2015-0848 CVE-2015-4588; Debian Bug: 787644. The following vulnerabilities were discovered in the Windows Metafile conversion library when reading BMP images embedded into WMF files: CVE-2015-0848: A heap overflow when decoding embedded BMP...
Debian DLA-253-1 : libwmf security update
The following vulnerabilities were discovered in the Windows Metafile conversion library when reading BMP images embedded into WMF files: CVE-2015-0848: A heap overflow when decoding embedded BMP images that don't use 8 bits per pixel. CVE-2015-4588: A missing check in the RLE decoding of embedded...
Slack: Link vulnerability leads to phishing attacks
Hello Guys, Hope you are doing great. I'm sending this email to let you know about a vulnerability I stumbled upon while using Slack. It's a great app! While copy-pasting a link from a PDF to Slack desktop/web, I noticed that the resulting links looked a bit messed up. Firing up Burp and...
UBUNTU-CVE-2013-1753
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request...
SUSE-SU-2015:1383-1 Security update for libqt5-qtbase
This security update fixes the following issues: Add libqt5-Fix-a-division-by-zero-processing-malformed-BMP.patch (QTBUG-44547, bsc#921999, CVE-2015-0295). Add libqt5-Fixes-crash-in-bmp-and-ico-image-decoding.patch (bsc#927806 CVE-2015-1858, bsc#927807 CVE-2015-1859). Add...
Mozilla Firefox Race Condition Memory Misreference Vulnerability
Mozilla Firefox is a popular open source web browser. Creating a media decoding thread during the shutdown process in Mozilla Firefox can cause a race condition that leads to memory misreferences, which allows remote attackers to exploit the vulnerability to build malicious WEB...
GNU Libtasn1 'decoding.c' Heap Buffer Overflow Vulnerability
GNU Libtasn1 is a stand-alone library written in C for manipulating ASN.1 objects, including DER/BER encoding and decoding. A heap buffer overflow vulnerability exists in the _asn1_extract_der_octet function in lib/decoding.c of GNU Libtasn1. A remote attacker could cause a denial of service by...
Design/Logic Flaw
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate...
[SECURITY] [DSA 3254-1] suricata security update
Debian Security Advisory DSA-3254-1, http://www.debian.org/security/, Salvatore Bonaccorso, May 09, 2015, http://www.debian.org/security/faq ...
Mandriva Linux Security Advisory : libtasn1 (MDVSA-2015:232)
Updated libtasn1 packages fix security vulnerability: A malformed certificate input could cause a heap overflow read in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet (CVE-2015-3622)...
libtasn1 buffer overflow
Heap buffer overflow on DER decoding...
[ MDVSA-2015:232 ] libtasn1
Mandriva Linux Security Advisory MDVSA-2015:232, http://www.mandriva.com/en/support/security/. Package: libtasn1. Date: May 8, 2015. Affected: Business Server 1.0, Business Server 2.0. Problem Description: Updated libtasn1 packages fix security...
Updated libtasn1 packages fix CVE-2015-3622
Updated libtasn1 packages fix security vulnerability: A malformed certificate input could cause a heap overflow read in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet (CVE-2015-3622)...
MGASA-2015-0200 Updated libtasn1 packages fix CVE-2015-3622
Updated libtasn1 packages fix security vulnerability: A malformed certificate input could cause a heap overflow read in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet (CVE-2015-3622)...
UBUNTU-CVE-2015-3417
Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references...
[SECURITY] Fedora 22 Update: libtasn1-4.4-1.fc22
A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions...
[ MDVSA-2015:199 ] less
Mandriva Linux Security Advisory MDVSA-2015:199, http://www.mandriva.com/en/support/security/. Package: less. Date: April 10, 2015. Affected: Business Server 1.0, Business Server 2.0. Problem Description: Updated less package fixes security vulnerability...
openssl: integer underflow leading to buffer overflow in base64 decoding
An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to...
libtasn1 stack buffer overflow vulnerability
Libtasn1 is a C library from the GNU project for ASN.1 (Abstract Syntax Notation One) structure management; ASN.1 is a standard for describing the representation, encoding, transmission, and decoding of data. A stack buffer overflow vulnerability exists in the asn1_der_decoding function in versions...
DEBIAN-CVE-2015-2806
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors...