[ASA-201706-20] thunderbird: multiple issues

Arch Linux Security Advisory ASA-201706-20 ========================================== Severity: Critical Date : 2017-06-16 CVE-ID : CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-77...

Mozilla: Out-of-bounds read in Opus encoder (MFSA 2017-16)

An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

CVE-2017-7758

An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

CVE-2017-7758

An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

Security vulnerabilities fixed in Thunderbird 52.2 — Mozilla

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. A use-after-free vulnerability when using an incorrect URL during the...

UBUNTU-CVE-2017-7758

An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

Security vulnerabilities fixed in Firefox 54 — Mozilla

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. A use-after-free vulnerability when using an incorrect URL during the...

AVEVideoEncoder Component Memory Corruption Vulnerability in Multiple Apple Products (CNVD-2017-07729)

Apple iOS, tvOS and watchOS are all products of Apple Inc. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. avevideoEncoder is one of the video encoders. A memory corruption vulnerability exists in the...

AVEVideoEncoder Component Memory Corruption Vulnerability in Multiple Apple Products (CNVD-2017-07726)

Apple iOS, tvOS and watchOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system.AVEVideoEncoder is one of the video encoder.... A memory corruption vulnerability exists in the...

CVE-2017-6995

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of servic...

CVE-2017-6998

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of servic...

CVE-2017-6999

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of servic...

CVE-2017-6997

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of servic...

CVE-2017-0594

CVE-2017-0594 affects Android Mediaserver’s Mediaserver component, specifically codecs/aacenc/SoftAACEncoder2.cpp in libstagefright. The issue is an elevation of privilege vulnerability that could allow a local malicious application to execute arbitrary code within the context of a privileged pro...

UBUNTU-CVE-2017-8906

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax in MulticoreWare x265 through 2.4, as used by the x265encoderencode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in th...

CVE-2017-8906

CVE-2017-8906 describes an integer underflow in pixel-a.asm (planeClipAndMax) in MulticoreWare x265 up to version 2.4, as used by x265_encoder_encode in libbpg and other products. A small image can trigger the underflow, leading to a Denial of Service during encoding. The connected documents also...

jasper: use-after-free / double-free in JPC encoder

A use-after-free flaw was found in the way JasPer, before version 2.0.12, decode certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash...

ImageMagick Memory Leak Vulnerability

ImageMagick is the United States ImageMagick Studio, Inc. of a set of open source image processing software, the software can read, convert, write a variety of formats. A memory leak vulnerability in the function named ReadICONImage in the encoder icon.c in ImageMagick version 7.0.5-5 allows remo...

UBUNTU-CVE-2017-8419

LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service stack-based buffer overflow or heap-based buffer overflow or possibly have unspecified other impact via a crafted file, as demonstrated by...

openSUSE Security Update : ffmpeg (openSUSE-2017-524)

This update for ffmpeg to version 3.3 fixes several issues. These security issues were fixed : - CVE-2016-10190: Heap-based buffer overflow in libavformat/http.c in FFmpeg allowed remote web servers to execute arbitrary code via a negative chunk size in an HTTP response boo1022920 - CVE-2016-1019...