[SECURITY] [DSA 729-1] New PHP4 packages fix denial of service

-------------------------------------------------------------------------- Debian Security Advisory DSA 729-1 [email protected] http://www.debian.org/security/ Martin Schulze May 26th, 2005 http://www.debian.org/security/faq -...

Fedora Core 2 : gdk-pixbuf-0.22.0-12.fc2 (2005-265)

David Costanzo found a bug in the way gdk-pixbuf processes BMP images. It is possible that a specially crafted BMP image could cause a denial of service attack in applications linked against gdk-pixbuf. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the name...

php security update

CentOS Errata and Security Advisory CESA-2005:406 Updated PHP packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache...

Moderate: Red Hat Security Advisory: PHP security update

Updated PHP packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was found in the way PHP...

php security update

CentOS Errata and Security Advisory CESA-2005:405 Updated PHP packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache...

Moderate: Red Hat Security Advisory: PHP security update

Updated PHP packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was found in the way PHP...

PHP: Multiple vulnerabilities

Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description An integer overflow and an unbound recursion were discovered in the...

Debian DSA-708-1 : php3 - missing input sanitising

An iDEFENSE researcher discovered two problems in the image processing functions of PHP, a server-side, HTML-embedded scripting language, of which one is present in PHP3 as well. When reading a JPEG image, PHP can be tricked into an endless loop due to insufficient input validation. %NASLMINLEVEL...

PHP Multiple Image Processing Functions File Handling DoS

According to its banner, the version of PHP installed on the remote host is vulnerable to a denial of service attack due to its failure to properly validate file data in the routines 'phphandleiff' and 'phphandlejpeg', which are called by the PHP function 'getimagesize'. Using a specially crafted...

gtk2 security update

CentOS Errata and Security Advisory CESA-2005:344 Updated gtk2 packages that fix a double free vulnerability are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The gtk2 package contains the GIMP ToolKit GTK+, a library for...

Critical: Red Hat Security Advisory: thunderbird security update

Updated thunderbird packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A buffer overflow bug was found in the way Thunderbird processe...

mozilla -- heap buffer overflow in GIF image processing

A Mozilla Foundation Security Advisory states: An sic GIF processing error when parsing the obsolete Netscape extension 2 can lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine...

Cerulean Studios Trillian 3.0 - Remote .png Image File Parsing Buffer Overflow

Cerulean Studios Trillian 3.0 - Remote .png Image File Parsing Buffer Overflow source: https://www.securityfocus.com/bid/12703/info A remote buffer overflow vulnerability affects Cerulean Studios Trillian. This issue is due to a failure of the application to securely copy image data into finite...

Trillian Basic 3.0 - '.png' Image Processing Buffer Overflow

See-security Technologies ltd. http://www.see-security.com Trillian 3.0 PNG Image Processing Buffer overflow Exploit Discovered and coded by: Tal zeltzer import sys import struct Addresses are compatible with Windows XP Service Pack 1 ReturnAddress = 0x77D7A145 Address of "jmp esp" in ntdll.dll...

Trillian Basic 3.0 PNG Image Processing Buffer Overflow Exploit

No description provided by source. See-security Technologies ltd. http://www.see-security.com Trillian 3.0 PNG Image Processing Buffer overflow Exploit Discovered and coded by: Tal zeltzer import sys import struct Addresses are compatible with Windows XP Service Pack 1 ReturnAddress = 0x77D7A145...

Cerulean Studios Trillian 3.0 - Remote '.png' Image File Parsing Buffer Overflow

source: https://www.securityfocus.com/bid/12703/info A remote buffer overflow vulnerability affects Cerulean Studios Trillian. This issue is due to a failure of the application to securely copy image data into finite process buffers. An attacker may leverage this issue to execute arbitrary code...

xv -- filename handling format string vulnerability

A Gentoo Linux Security Advisory reports: Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv. Successful exploitation would require a victim to process a specially crafted image with a malformed filename, potentially resulting in the...

CVE-2005-0406

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image...

CVE-2005-0406

Technical details about CVE-2005-0406 are not publicly provided in the connected documents (no explicit affected products, versions, vectors, or fixes). Monitor for updates.

CVE-2005-0406

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image...