461 matches found
MGASA-2017-0206 Updated jbig2dec packages fix security vulnerability
Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened (CVE-2016-9601). Artifex jbig2dec has a heap-based buffer over-read leading to...
GLSA-201705-05 : FFmpeg: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201705-05 (FFmpeg: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. gst-plugins-libav is affected because this package is bundling a...
CVE-2017-7975
Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code...
GLSA-201703-01 : OpenOffice: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-201703-01 (OpenOffice: User-assisted execution of arbitrary code). An exploitable out-of-bounds vulnerability exists in OpenOffice Impress when handling MetaActions. Impact: A remote attacker could entice a user to open a specially...
CVE-2016-8863
Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an...
CVE-2016-8693
CVE-2016-8693 is a double-free vulnerability in JasPer's mem_close() function in jas_stream.c (before 1.900.10). An attacker could cause a crash or possibly execute code via a crafted BMP image passed to imginfo. Multiple advisories (Debian DSA-3785-1, CentOS/Red Hat RHSA, Arch ASA-2016... and IBM Cloud/FixCentral entries) do...
Debian DSA-3777-1 : libgd2 - security update
Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed. (C) Tenable Network Security, Inc. The...
Debian Security Advisory DSA 3724-1 (gst-plugins-good0.10 - security update)
Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html. This update removes the insecu...
CVE-2016-1248
Vim CVE-2016-1248 is a modeline input-validation vulnerability in which values for the 'filetype', 'syntax', and 'keymap' options could be exploited to execute arbitrary commands when a user opens a file containing a crafted modeline. Affected Vim versions could be compromised, and Neovim is also...
Foxit Reader < 8.1 Multiple Vulnerabilities
Debian: Security Advisory (DSA-3686-1)
The remote host is missing an update for the Debian...
CVE-2016-6309
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session...
DSA-3671-1 wireshark - security update
Bulletin has no description...
Firefox < 48 Multiple Vulnerabilities (Mac OS X)
The version of Firefox installed on the remote Mac OS X host is prior to 48. It is, therefore, affected by multiple vulnerabilities : - An overflow condition exists in the expat XML parser due to improper validation of user-supplied input when handling malformed input documents. An attacker can...
Foxit Reader < 7.2.2 Multiple Vulnerabilities
Apple OSX WindowServer: heap overflow vulnerability leading to privilege escalation
CVE ID: CVE-2016-4640. CVSS score: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P). Affected vendor: Apple. Affected product: OSX. Vulnerability details: This vulnerability allows a remote attacker to execute arbitrary code on vulnerable installations of Apple OSX. Exploitation of this...
Apple OS X IOAcceleratorFamily2 Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...
Ubuntu: Security Advisory (USN-2934-1)
The remote host is missing an update for the...
openSUSE Security Update : perl-YAML-LibYAML (openSUSE-2016-473)
perl-YAML-LibYAML was updated to fix three security issues. These security issues were fixed: - CVE-2013-6393: The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performed an incorrect cast, which allowed remote attackers to cause a denial of service (application crash) and...
Debian DSA-3535-1 : kamailio - security update
Stelios Tsampas discovered a buffer overflow in the Kamailio SIP proxy which might result in the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3535. The text...