3201 matches found
Design/Logic Flaw
The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."...
Microsoft Windows Cinepak codec memory corruption
Memory corruption on data decompression...
ZDI-10-148: Microsoft Cinepak Codec CVDecompress Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-148 August 10, 2010 -- CVE ID: CVE-2010-2553 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft File Format...
Sun Java Runtime Environment Pack200 Decompression Integer Overflow (CVE-2008-5352; CVE-2009-1095)
There exists an integer overflow vulnerability in Sun Java Runtime Environment software. The vulnerability is due to insufficient validation while decompressing Pack200 jar.pack.gz files. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted HTML file...
libpng: excessive memory consumption due to highly compressed huge ancillary chunk
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of...
Kaspersky Antivirus <= 6.0.1.411 UPX DoS Vulnerability
Kaspersky AntiVirus Engine 6.0.1.411 for Windows allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.
Adobe Flash Player Multiple Tag JPEG Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required in that a target must visit a malicious website. The specific flaw exists within the code for parsing embedded image data within SWF files. The...
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and...
Microsoft Media Decompression Remote Code Execution Vulnerability (979902)
This host is missing a critical security update according to Microsoft Bulletin MS10-033.
MS10-033: Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
The remote Windows host has multiple unspecified code execution vulnerabilities related to media decompression. A remote attacker could exploit this by tricking a user into opening a specially crafted media file, resulting in arbitrary code execution.
CVE-2010-1880
Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."...
CVE-2010-1879
Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability."...
Design/Logic Flaw
Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."...
CVE-2010-1879
CVE-2010-1879 corresponds to a remote code execution vulnerability in Microsoft DirectShow/Media Decompression. The issue affects Quartz.dll (DirectShow), Windows Media Format Runtime versions 9, 9.5, and 11, Media Encoder 9, and Asycfilt.dll, where specially crafted media data (notably MJPEG in AVI ...
Microsoft Security Bulletin MS10-033 - Critical Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
Published: June 08, 2010. Version: 1.0. Executive Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows...
FreeBSD : png -- libpng decompression denial of service (4fb5d2cd-4c77-11df-83fb-0015587e2cc1)
A vulnerability in libpng can result in denial of service conditions when a remote attacker tricks a victim into opening a specially crafted PNG file. The PNG project describes the problem in an advisory: Because of the efficient compression method used in Portable Network Graphics (PNG) files, a small...
GNU gzip LZH Decompression make_table Stack Modification (CVE-2006-4335)
GNU gzip is a popular compression and decompression utility that ships with all standard Linux distributions, as well as commercial Unix-based operating systems. The utility can create and decompress files which are stored using the DEFLATE algorithm. In addition to the algorithm used in the...
CVE-2010-0526
Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not properly handled during...