322 matches found
DLA-128-1 sox - security update
Bulletin has no description...
CVE-2014-8145
Multiple heap-based buffer overflows in Sound eXchange SoX 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the 1 startread or 2 AdpcmReadBlock function...
MGASA-2014-0562 Updated unzip package fixes security vulnerabilities
Updated unzip package fix security vulnerabilities: The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification CVE-2014-8139, the testcompreb CVE-2014-8140 and the getZip64Data CVE-2014-8141 functions. The input errors may result in arbitrary code...
Updated sox packages fix CVE-2014-8145
Updated sox packages fix security vulnerability: The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions startread and AdpcmReadBlock. A specially crafted wav file can be used to trigger the vulnerabilities CVE-2014-8145...
Debian DSA-3113-1 : unzip - security update
Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function CVE-2014-8139 , the testcompreb function CVE-2014-8140 and the getZip64Data function...
[SECURITY] [DLA 124-1] unzip security update
Package : unzip Version : 6.0-4+deb6u1 CVE ID : CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 Debian Bug : 773722 Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the...
DLA-124-1 unzip - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3113-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2010-1441
Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted byte stream to the 1 A/52, 2 DTS, or 3 MPEG Audio decoder...
[SECURITY] [DSA 3112-1] sox security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3112-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 23, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3112-1 (sox - security update)
Michele Spagnuolo of the Google Security Team discovered two heap-based buffer overflows in SoX, the Swiss Army knife of sound processing programs. A specially crafted wav file could cause an application using SoX to crash or, possibly, execute arbitrary code. OpenVAS Vulnerability Test $Id:...
[oCERT-2014-010] SoX input sanitization errors
2014-010 SoX input sanitization errors Description: The SoX project is an open source tool for sound processing. The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions startread and AdpcmReadBlock. A specially crafted wav file can be used to...
Scientific Linux Security Update : jasper on SL6.x, SL7.x i386/x86_64 (20141218)
Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. CVE-2014-9029 A heap-based buffer overflow flaw was found ...
CVE-2014-3564
Multiple heap-based buffer overflows in the statushandler function in 1 engine-gpgsm.c and 2 engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."...
Amazon Linux AMI : httpd24 (ALAS-2014-389)
A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...
F5 Networks BIG-IP : icclib vulnerabilities (SOL9990)
Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in Ghostscript's International Color Consortium Format library icclib. Using specially crafted ICC profiles, an attacker could create a malicious...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.3.0 update
Updated Red Hat JBoss Enterprise Application Platform 6.3.0 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common...
Mandriva Linux Security Advisory : apache (MDVSA-2014:142)
Updated apache package fixes security vulnerabilities : A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a...
Important: httpd24
Issue Overview: A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cau...
CentOS 5 / 6 : httpd (CESA-2014:0920)
Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...