Heap overflow

Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted FLC file, related to crafted DELTAFLI chunks and untrusted length values in a .fli file,...

CVE-2010-0520

Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted FLC file, related to crafted DELTAFLI chunks and untrusted length values in a .fli file,...

curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback

contentencoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service application crash or have unspecified othe...

curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback

contentencoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service application crash or have unspecified othe...

Mozilla Fast-Tracks Fix For Critical Firefox Flaw

Mozilla has fast-tracked a patch for a critical vulnerability affecting its flagship Firefox browser. The patch, which was originally slated for release on March 30, fixes a vulnerability that could allow remote code execution attacks. The flaw was originally released into the VulnDisco exploit...

Firefox 3.6.2 Fixes Decompression Bug

Days before the start of Pwn2Own, Mozilla has patched its flagship Firefox browser. The Firefox 3.6.2 update fixes a critical bug in a font decompression routine that could be exploited to “crash a victim’s browser and execute arbitrary code on his/her system,” Mozilla said in a security advisory...

libcurl / cURL DoS

Resources exhaustion on gzip decompression...

WOFF heap corruption due to integer overflow — Mozilla

Security researcher Evgeny Legerov of Intevydis reported that the WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim...

DEBIAN-CVE-2010-0734

contentencoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service application crash or have unspecified othe...

libpng DoS

Resources exhaustion on data decompression in pngdecompresschunk...

ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability

ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-025 March 9, 2010 -- CVE ID: CVE-2010-0263 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Office Excel -- Vulnerability Details: This...

Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the decompression of XLSX files. The XL...

Design/Logic Flaw

The pngdecompresschunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of...

CVE-2010-0205

CVE-2010-0205 concerns libpng’s png_decompress_chunk() in libpng 1.0.x (before 1.0.53), 1.2.x (before 1.2.43), and 1.4.x (before 1.4.1). The vulnerability arises from improper handling of compressed ancillary-chunk data with an excessively large uncompressed representation, enabling a crafted PNG...

png -- libpng decompression denial of service

A vulnerability in libpng can result in denial of service conditions when a remote attacker tricks a victim to open a specially-crafted PNG file. The PNG project describes the problem in an advisory: Because of the efficient compression method used in Portable Network Graphics PNG files, a small...

Debian DSA-1835-1 : tiff - several vulnerabilities

Several vulnerabilities have been discovered in the library for the Tag Image File Format TIFF. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2285 It was discovered that malformed TIFF images can lead to a crash in the decompression code, resultin...

Heap overflow

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org OOo before 3.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted GIF file, related to LZW...

CVE-2009-2950

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org OOo before 3.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted GIF file, related to LZW...

CVE-2009-2950

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org OOo before 3.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted GIF file, related to LZW...

CVE-2009-2950

CVE-2009-2950 is a heap-based buffer overflow in OpenOffice.org’s GIFLZWDecompressor (decode.cxx) that can be triggered by a crafted GIF file, potentially causing an application crash or arbitrary code execution. Affected product: OpenOffice.org prior to 3.2. Connected advisories (Debian, Red Hat...