lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing

A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...

EUVD-2011-2868

Malware in sbrugna...

CVE-2010-1444

The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service invalid memory access and application crash or possibly execute arbitrary code via a crafted archive...

CVE-2011-2895

The LZW decompressor in 1 the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and 2 compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products,...

CVE-2010-0018

CVE-2010-0018 is an integer overflow in the Windows Embedded OpenType (EOT) Font Engine (t2embed.dll) that could allow remote code execution via specially crafted EOT fonts. The issue occurs when decompressing EOT fonts and affects multiple Windows platforms (including Windows 2000 SP4, XP SP2/SP...

CVE-2010-0018

Integer overflow in the Embedded OpenType EOT Font Engine t2embed.dll in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via...