openSUSE Security Update : libarchive (openSUSE-2016-969)

libarchive was updated to fix 20 security issues. These security issues were fixed : - CVE-2015-8918: Overlapping memcpy in CAB parser bsc985698. - CVE-2015-8919: Heap out of bounds read in LHA/LZH parser bsc985697. - CVE-2015-8920: Stack out of bounds read in ar parser bsc985675. - CVE-2015-8921...

The vulnerability of the Flash Player software allows a malicious attacker to execute arbitrary code or cause a service failure.

The Flash Player software contains a vulnerability that stems from the use of memory after decompression in the ByteArray::UncompressViaZlibVariant function. This vulnerability can be exploited by malicious actors using a specially crafted swf file. As a result of exploiting this vulnerability,...

The vulnerability of the Flash Player software allows a malicious attacker to execute arbitrary code or cause a service failure.

The Flash Player software contains a vulnerability that stems from the use of memory after decompression in the ByteArray::UncompressViaZlibVariant function. This vulnerability can be exploited by malicious actors using a specially crafted swf file. As a result of exploiting this vulnerability,...

Symantec Antivirus Decomposer Engine dec2lha Library Remote Stack Buffer Overflow (CVE-2016-2210)

A stack buffer overflow vulnerability exist in the Symantec Antivirus Decomposer Engine dec2lha Library. This vulnerability is due to incorrect decompression of the LZH and LHA archives...

CVE-2016-3646

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ATP; Symantec Data Center Security:Server SDCS:S 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection SEP before 12.1 RU6 MP5; Symantec Endpoint Protection SEP for Mac; Symantec Endpoint Protection SEP for...

Memory Corruption Vulnerability in Multiple Symantec and Norton Products

Symantec Advanced Threat Protection ATP, Symantec Embedded Security:Critical System Protection SES:CSP, and Symantec Data Center Security: Server Advanced SDCS:SA are security products from Symantec Corporation. Advanced SDCS:SA are security products from Symantec, Inc. ATP is a suite of software...

Memory Corruption Vulnerability in Multiple Symantec and Norton Products (CNVD-2016-04439)

Symantec Advanced Threat Protection ATP, Symantec Embedded Security:Critical System Protection SES:CSP, and Symantec Data Center Security: Server Advanced SDCS:SA are security products from Symantec Corporation. Advanced SDCS:SA are security products from Symantec, Inc. ATP is a suite of software...

libarchive Rar decompression function stack buffer overflow vulnerability

libarchive is a multi-format archive and compression library. A stack buffer overflow vulnerability exists in the Rar decompression feature of libarchive. An attacker can exploit this vulnerability to cause a denial of service memory corruption or execute arbitrary code via a specially crafted Ra...

Libarchive Rar RestartModel Code Execution Vulnerability

SUMMARY An exploitable heap overflow vulnerability exists in the Rar decompression functionality of libarchive. A specially crafted Rar file can cause a heap corruption eventually leading to code execution. An attacker can send a malformed file to trigger this vulnerability. TESTED VERSIONS...

libxml2: DoS caused by incorrect error detection during XZ decompression

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...

OurPHP backend has an arbitrary file upload vulnerability

OurPHP 傲派建站系统 is a website content management system developed using PHP language, the developer is Harbin Weicheng Technology Co. The upload file management module under the "Global/Interface" module in the administration background of OurPHP has the function of uploading hidden files. Since the...

Debian Security Advisory DSA 3565-1 (botan1.10 - security update)

Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509v3 certificates and CRLs. CVE-2015-5726 The BER decoder would crash due to reading from offset 0 of an empty vector i...

[SECURITY] [DLA 449-1] botan1.10 security update

Package : botan1.10 Version : 1.10.5-1+deb7u1 CVE ID : CVE-2014-9742 CVE-2015-5726 CVE-2015-5727 CVE-2015-7827 CVE-2016-2194 CVE-2016-2195 CVE-2016-2849 Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, includi...

New Heap-Spray Exploit Tied To LZH Archive Decompression

Researchers found a vulnerability in the classic compression standard Lhasa, once a mainstay for game developers in the mid-’90s and still in use today. Researchers at Cisco’s security research arm, Cisco Talos, identified the vulnerability calling it as a classic heap-spray exploit. In a report...

Comodo AntiVirus - Heap Overflow in LZX Decompression

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=737 LzxDecoder::init initializes the vector LzxDecoder-window to a fixed size of 2^method bytes, which is then used during LzxDecoder::Extract. It's possible for LZX compressed...

Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks

Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=763 The LZMA specification says the following about the memory usage of decompression: "The size of the probability model counter arrays is calculated with the...

Comodo AntiVirus - Heap Overflow in LZX Decompression

Comodo AntiVirus - Heap Overflow in LZX Decompression Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=737 LzxDecoder::init initializes the vector LzxDecoder-window to a fixed size of 2^method bytes, which is then used during LzxDecoder::Extract. It's possible for LZX compressed...

Comodo AntiVirus - Heap Overflow in LZX Decompression

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=737 LzxDecoder::init initializes the vector LzxDecoder-window to a fixed size of 2^method bytes, which is then used during LzxDecoder::Extract. It's possible for LZX compressed streams to exceed this size. Writes to the window buff...

SUSE-SU-2016:0807-1 Security update for clamsap

This update fixes the following security issues: CVE-2015-2278: The LZH decompression implementation allows context-dependent attackers to cause a denial of service out-of-bounds read via unspecified vectors, related to look-ups of non-simple codes. CVE-2015-2282: Stack-based buffer overflow in t...

Buffer overflow in Brotli decompression — Mozilla

Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered...