CVE-2009-3616

Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then 1 disconnecting during data transfer, 2 sending a message using incorrect integ...

Stack overflow

Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data...

Buffer overflow

Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array aka nsCSSValue:Array data structure, which allows remote attackers to execute arbitrary code vi...

CVE-2008-2785

Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array aka nsCSSValue:Array data structure, which allows remote attackers to execute arbitrary code vi...

CVE-2008-2785

The CVE-2008-2785 issue affects Mozilla Firefox (before 2.0.0.16 and 3.x before 3.0.1), Thunderbird (before 2.0.0.16), and SeaMonkey (before 1.1.11). It stems from using an incorrect integer data type as the CSS object reference counter in the CSSValue array (nsCSSValue:Array) data structure, all...

libexif: Buffer overflow

Background libexif is a library for parsing, editing and saving EXIF metadata from images. Description iDefense Labs have discovered that the exifdataloaddataentry function in libexif/exif-data.c improperly handles integer data while working with an image with many EXIF components, allowing an...