GLSA-200511-14 : GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200511-14 GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities iDEFENSE reported a possible heap overflow in the XPM loader CVE-2005-3186. Upon further inspection, Ludwig Nussel discovered two additional issues in the XPM...

libungif security update

CentOS Errata and Security Advisory CESA-2005:828 Updated libungif packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The libungif package contains a shared library of functions for loading...

LiteServe URL Decoding DoS Vulnerability

The remote web server dies when an URL consisting of a long invalid string of % is sent. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

SUSE-SA:2005:050: kernel

The remote host is missing the patch for the advisory SUSE-SA:2005:050 kernel. The Linux kernel was updated to fix the following security issues: - CVE-2005-2457: A problem in decompression of files on 'zisofs' filesystem was fixed. - CVE-2005-2458: A potential buffer overflow in the zlib...

USN-83-2: LessTif 1 vulnerabilities

USN-83-1 fixed some vulnerabilities in the "lesstif2" library. The older "lesstif1" library was also affected, however, a fix was not yet available at that time. This USN fixes the flaws for lesstif1. Please note that there are no supported applications that use this library, so this only affects...

CVE-2004-2265

UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact...

CVE-2004-2265

UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact...

CVE-2004-2265

UUDeview 0.5.20 and earlier insecurely handles temporary files during decoding in the UUDeview code path (uulib/uunconc.c), enabling local users to overwrite arbitrary files via a symlink/temporary filename issue, as used in nzbget before 0.3.0 and potentially other products. The vulnerability st...

FreeBSD : xpm -- image decoding vulnerabilities (ef253f8b-0727-11d9-b45d-000c41e2cdad)

Chris Evans discovered several vulnerabilities in the libXpm image decoder : - A stack-based buffer overflow in xpmParseColors - An integer overflow in xpmParseColors - A stack-based buffer overflow in ParsePixels and ParseAndPutPixels The X11R6.8.1 release announcement reads : This version is...

FreeBSD : tcpdump -- infinite loops in protocol decoding (9fae0f1f-df82-11d9-b875-0001020eed82)

Problem Description Several tcpdump protocol decoders contain programming errors which can cause them to go into infinite loops. Impact An attacker can inject specially crafted packets into the network which, when processed by tcpdump, could lead to a denial-of-service. After the attack, tcpdump...

FreeBSD : gdk-pixbuf -- image decoding vulnerabilities (3d1e9267-073f-11d9-b45d-000c41e2cdad)

Chris Evans discovered several flaws in the gdk-pixbuf XPM image decoder : - Heap-based overflow in pixbufcreatefromxpm - Stack-based overflow in xpmextractcolor - Integer overflows in io-ico.c Some of these flaws are believed to be exploitable. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

FreeBSD-SA-05:10.tcpdump

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:10.tcpdump Security Advisory The FreeBSD Project Topic: Infinite loops in tcpdump protocol decoding Category: contrib Module: tcpdump Announced: 2005-06-09...

tcpdump -- infinite loops in protocol decoding

Problem Description Several tcpdump protocol decoders contain programming errors which can cause them to go into infinite loops. Impact An attacker can inject specially crafted packets into the network which, when processed by tcpdump, could lead to a denial-of-service. After the attack, tcpdump...

IPSwitch IMAP Server LOGON Remote Stack Overflow

No description provided by source. / IpSwitch IMAP Server LOGON stack overflow. Software Hole discovered by iDEFENSE POC written by nolimit and BuzzDee First, some information for the few of you that know how this stuff works. The reason you see no SP2 or 2003 offsets is because of Windows SEH...

gxine: Format string vulnerability

Background gxine is a GTK+ and xine-lib based media player. Description Exworm discovered that gxine insecurely implements formatted printing in the hostname decoding function. Impact A remote attacker could entice a user to open a carefully crafted file with gxine, possibly leading to the...

GLSA-200505-06 : TCPDump: Decoding routines Denial of Service vulnerability

The remote host is affected by the vulnerability described in GLSA-200505-06 TCPDump: Decoding routines Denial of Service vulnerability TCPDump improperly handles and decodes ISIS CAN-2005-1278, BGP CAN-2005-1267, CAN-2005-1279, LDP CAN-2005-1279 and RSVP CAN-2005-1280 packets. TCPDump might loop...

TCPDump: Decoding routines Denial of Service vulnerability

Background TCPDump is a tool for network monitoring and data acquisition. Description TCPDump improperly handles and decodes ISIS CAN-2005-1278, BGP CAN-2005-1267, CAN-2005-1279, LDP CAN-2005-1279 and RSVP CAN-2005-1280 packets. TCPDump might loop endlessly after receiving malformed packets. Impa...

Low: Red Hat Security Advisory: sharutils security update

An updated sharutils package is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format. A stack based overflow bug was found i...

ImageMagick 6.x - '.PNM' Image Decoding Remote Buffer Overflow

source: https://www.securityfocus.com/bid/13351/info A remotely exploitable client-side buffer-overflow vulnerability affects ImageMagick. This issue occurs because the application fails to properly validate the length of user-supplied strings before copying them into static process buffers. An...

USN-92-1: LessTif vulnerabilities

Several vulnerabilities have been found in the XPM image decoding functions of the LessTif library. If an attacker tricked a user into loading a malicious XPM image with an application that uses LessTif, he could exploit this to execute arbitrary code in the context of the user opening the image...