JVN#82610488 Lhaplus buffer overflow vulnerability

Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user decompresses a specially crafted file, an attacker could execute arbitrary code with the privilege of the user. This vulnerability is different from...

JVN#70734805 Lhaplus buffer overflow vulnerability

Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. If a user opens a specially crafted file, arbitrary code could be executed with the privilege of the user. Impact Arbitrary code could be executed with the...

JVN#62868899 7-ZIP32.DLL buffer overflow vulnerability

7-ZIP32.DLL is an open source library for compression and decompression supporting 7z, zip, and some other format files. 7-ZIP32.DLL is based on "Integrated Archiver API Specification", and called from the compression/decompression software. 7-ZIP32.DLL contains a buffer overflow vulnerability. I...

Multiple vendors ZOO file decompression Infinite Loop DoS PoC

Exploit for multiple platform in category dos / poc ============================================================= Multiple vendors ZOO file decompression Infinite Loop DoS PoC ============================================================= / Exploit for the vulnerability: Multiple vendors ZOO file...

ZOO - '.ZOO' Decompression Infinite Loop Denial of Service (PoC)

/ Exploit for the vulnerability: Multiple vendors ZOO file decompression infinite loop DoS coded by Jean-Sébastien Guay-Leroux September 2006 / include include include // Structure of a ZOO header define ZOOHEADERSIZE 0x0000002a define ZHTEXT 0 define ZHTAG 20 define ZHSTARTOFFSET 24 define...

CVE-2007-1281

Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service CPU consumption via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression...

Integer overflow

Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue...

GLSA-200611-24 : LHa: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200611-24 LHa: Multiple vulnerabilities Tavis Ormandy of the Google Security Team discovered several vulnerabilities in the LZH decompression component used by LHa. The maketable function of unlzh.c contains an array index error a...

Debian DSA-886-1 : chmlib - several vulnerabilities

Several vulnerabilities have been discovered in chmlib, a library for dealing with CHM format files. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-2659 Palasik Sandor discovered a buffer overflow in the LZX decompression method. - CVE-2005-2930 A...

gzip -- multiple vulnerabilities

Problem Description Multiple programming errors have been found in gzip which can be triggered when gzip is decompressing files. These errors include insufficient bounds checks in buffer use, a NULL pointer dereference, and a potential infinite loop. Impact The insufficient bounds checks in buffe...

FreeBSD-SA-06:21.gzip

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:21.gzip Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in gzip Category: contrib Module: gzip Announced: 2006-09-19 Credits: Tavis...

DSA-1026-1 sash - buffer overflows

Bulletin has no description...

Directory traversal

Directory traversal vulnerability in KGB Archiver before 1.1.5.22 allows remote attackers to overwrite arbitrary files wile decompressing an archive, possibly due to directory traversal sequences in a filename...

Socket unreachable and decompression buffer-overflow in Vavoom 1.19.1

Luigi Auriemma Application: Vavoom http://www.vavoom-engine.com Versions: = 1.19.1 Platforms: Windows, DOS, nix, BSD and more Bugs: A socket unreachable B decompression crash Exploitation: remote, versus server and client Date: 26 Mar 2006 Author: Luigi Auriemma e-mail: [email protected] web:...

Heap overflow

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type EOT web font that triggers the...

DEBIAN-CVE-2005-2659

Buffer overflow in the LZX decompression in CHM Lib chmlib 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors...

[SECURITY] [DSA 886-1] New chmlib packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 886-1 [email protected] http://www.debian.org/security/ Martin Schulze November 7th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 886-1] New chmlib packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 886-1 [email protected] http://www.debian.org/security/ Martin Schulze November 7th, 2005 http://www.debian.org/security/faq -...

Microsoft Windows Unchecked Buffer in Decompression Functions (Q329048)

Two vulnerabilities exist in the Compressed Folders function: An unchecked buffer exists in the programs that handles the decompressing of files from a zipped file. A security vulnerability results because attempts to open a file with a specially malformed filename contained in a zipped file coul...

DC++ and its mods remote DoS in bzip2 decompression routine

DC++ and its mods remote DoS in bzip2 decompression routine Critical Security research: http://www.critical.lt Original advisory may be found: http://www.critical.lt/?vulnerabilities/22 PoC file may be found here: http://www.critical.lt/research/dc.zip Vulnerable product: DC++ and its mods all...