gstreamer-plugins-bad-free: Memory corruption flaw in NSF decoder

A memory corruption flaw was found in GStreamer's Nintendo NSF music file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application...

CVE-2016-9591

JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer...

Tarantool Msgpuck mp_check Denial Of Service Vulnerability

Summary An exploitable incorrect return value vulnerability exists in the mpcheck function of Tarantool’s Msgpuck library 1.0.3. A specially crafted packet can cause the mpcheck function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of ...

CVE-2016-9635

Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Mitigation This...

CVE-2016-9636

Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Mitigation This...

CVE-2016-9447

A memory corruption flaw was found in GStreamer's Nintendo NSF music file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Mitigation sud...

DEBIAN-CVE-2016-4331

When decoding data out of a dataset encoded with the H5ZNBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution...

CVE-2016-4331

When decoding data out of a dataset encoded with the H5ZNBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution...

Design/Logic Flaw

When decoding data out of a dataset encoded with the H5ZNBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution...

UBUNTU-CVE-2016-4331

When decoding data out of a dataset encoded with the H5ZNBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution...

CVE-2016-4331

When decoding data out of a dataset encoded with the H5ZNBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution...

CVE-2016-4331

When decoding data out of a dataset encoded with the H5ZNBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution...

Debian DLA-711-1 : curl security update

CVE-2016-8615 If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. The issue pertains to the function that loads cookies into memory, which reads the...

USN-3123-1: curl vulnerabilities

It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. CVE-2016-7141 Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote...

kernel: Kernel panic and system lockup by triggering BUG_ON() in public_key_verify_signature()

A syntax vulnerability was discovered in the kernel's ASN1.1 DER decoder, which could lead to memory corruption or a complete local denial of service through x509 certificate DER files. A local system user could use a specially created key file to trigger BUGON in the publickeyverifysignature...

CURL-CVE-2016-8622 URL unescape heap overflow via integer truncation

The URL percent-encoding decode function in libcurl is called curleasyunescape. Internally, even if this function would be made to allocate a destination buffer larger than 2GB, it would return that new length in a signed 32-bit integer variable, thus the length would get either truncated only or...

httpd: HTTP request smuggling attack against chunked request parser

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...

Adobe Flash - Crash When Freeing Memory After AVC decoding

Adobe Flash - Crash When Freeing Memory After AVC decoding Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=859 There is a crash when the AVC decoder attempts to free memory, likely indicating memory corruption. Fixed in the September update Proof of Concept:...

Adobe Flash - Crash When Freeing Memory After AVC decoding Exploit

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=859 There is a crash when the AVC decoder attempts to free memory, likely indicating memory corruption. Fixed in the September update Proof of Concept:...

Adobe Flash - Crash When Freeing Memory After AVC decoding

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=859 There is a crash when the AVC decoder attempts to free memory, likely indicating memory corruption. Fixed in the September update Proof of Concept:...