Lucene search

5353 matches found

Cvelist
added 2012/07/22 5:0 p.m. | 23 views

CVE-2011-3148

Stack-based buffer overflow in the assembleline function in modules/pamenv/pamenv.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the /.pamenvironment file...

AI score: 7.2 | EPSS: 0.00158
Exploits: 0 | References: 6
Debian CVE
added 2012/07/22 5:0 p.m. | 27 views

CVE-2011-2199

Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.02716
Exploits: 0
Cvelist
added 2012/07/19 7:0 p.m. | 22 views

CVE-2012-4024

Stack-based buffer overflow in the getcomponent function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file...

AI score: 7.7 | EPSS: 0.02288
Exploits: 0 | References: 8
Cvelist
added 2012/07/18 10:0 p.m. | 21 views

CVE-2009-5030

The tcdfreeencode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid...

AI score: 7.3 | EPSS: 0.03483
Exploits: 0 | References: 12
Cvelist
added 2012/07/18 10:0 a.m. | 23 views

CVE-2012-1954

Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service heap memory...

AI score: 9.9 | EPSS: 0.05001
Exploits: 0 | References: 28
Cvelist
added 2012/07/18 10:0 a.m. | 24 views

CVE-2012-1951

Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service heap...

AI score: 9.9 | EPSS: 0.03397
Exploits: 0 | References: 24
UbuntuCve
added 2012/07/17 12:0 a.m. | 23 views

CVE-2012-1958

Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vecto...

CVSS: 9.3 | AI score: 7.3 | EPSS: 0.03872
Exploits: 0 | References: 4
Prion
added 2012/07/13 10:34 a.m. | 16 views

Code injection

Off-by-one error in the exifconvertutf16toutf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image...

CVSS: 7.5 | AI score: 8.4 | EPSS: 0.02397
Exploits: 0 | References: 7 | Affected Software: 1
Prion
added 2012/07/13 10:34 a.m. | 9 views

Buffer overflow

Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image...

CVSS: 7.5 | AI score: 8.7 | EPSS: 0.03788
Exploits: 0 | References: 9 | Affected Software: 1
CVE
added 2012/07/13 10:0 a.m. | 95 views

CVE-2012-2814

CVE-2012-2814 is a buffer overflow in libexif 0.6.20 (exif_entry_format_value in exif-entry.c) that allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags. Connected advisories confirm this flaw across packages (libexif) and note that fixes w...

CVSS: 7.5 | AI score: 8 | EPSS: 0.03788
Exploits: 0 | References: 9 | Affected Software: 1
AlpineLinux
added 2012/07/13 10:0 a.m. | 41 views

CVE-2012-2840

Off-by-one error in the exifconvertutf16toutf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.02397
Exploits: 0
Debian CVE
added 2012/07/13 10:0 a.m. | 23 views

CVE-2012-2814

Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.03788
Exploits: 0
Prion
added 2012/06/29 2:55 p.m. | 22 views

Buffer overflow

Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted...

CVSS: 9.3 | AI score: 8.6 | EPSS: 0.02392
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2012/06/21 3:55 p.m. | 15 views

CVE-2012-1616

Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file...

CVSS: 9.3 | AI score: 7.5 | EPSS: 0.07361
Exploits: 0 | References: 9
NVD
added 2012/06/21 3:55 p.m. | 15 views

CVE-2011-2512

The virtioqueuenotify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed...

CVSS: 5.8 | AI score: 7.2 | EPSS: 0.00602
Exploits: 0 | References: 14
Prion
added 2012/06/21 3:55 p.m. | 27 views

Double free

The pciejwrite function in hw/acpipiix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sendin...

CVSS: 7.4 | AI score: 7.8 | EPSS: 0.00371
Exploits: 0 | References: 18 | Affected Software: 1
Cvelist
added 2012/06/21 3:0 p.m. | 20 views

CVE-2012-1616

Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file...

AI score: 7.4 | EPSS: 0.07361
Exploits: 0 | References: 9
Cvelist
added 2012/06/21 3:0 p.m. | 23 views

CVE-2011-1751

The pciejwrite function in hw/acpipiix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sendin...

AI score: 7.2 | EPSS: 0.00371
Exploits: 0 | References: 18
CVE
added 2012/06/21 3:0 p.m. | 65 views

CVE-2012-1616

CVE-2012-1616 is a use-after-free in icclib < 2.13, used by Argyll CMS

CVSS: 9.3 | AI score: 7.6 | EPSS: 0.07361
Exploits: 0 | References: 9 | Affected Software: 2
Debian CVE
added 2012/06/21 3:0 p.m. | 19 views

CVE-2012-1616

Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file...

CVSS: 9.3 | AI score: 7.5 | EPSS: 0.07361
Exploits: 0