CVE-2007-5497

Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image...

CVE-2007-5497

Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image...

DTSA-95-1 e2fsprogs - multiple integer overflows

Bulletin has no description...

openSUSE 10 Security Update : e2fsprogs (e2fsprogs-4739)

This update of e2fsprogs fixes several integer overflows in memory allocating code. Programs that use libext2fs are therefore vulnerable to memory corruptions that can lead to arbitrary code execution while loading a specially crafted image. CVE-2007-5497 %NASLMINLEVEL 70300 C Tenable Network...

Ubuntu 7.10 : php5 regression (USN-549-2)

USN-549-1 fixed vulnerabilities in PHP. However, some upstream changes were incomplete, which caused crashes in certain situations with Ubuntu 7.10. This update fixes the problem. We apologize for the inconvenience. It was discovered that the wordwrap function did not correctly check lengths...

CVE-2007-5503

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the readpng function...

CVE-2007-5503

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the readpng function...

CVE-2007-5503

CVE-2007-5503 relates to Cairo before 1.4.12, where multiple integer overflows in the read_png function can allow remote attackers to execute arbitrary code via a crafted PNG file. The issue affects Cairo’s PNG handling and is addressed by upgrading Cairo to 1.4.12 or later (vulnerable code path:...

CVE-2007-4347

Multiple integer overflows in the Job Engine bengine.exe service in Symantec Backup Exec for Windows Servers BEWS 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service CPU and memory consumption via a crafted packet to port 5633/tcp, which triggers an infinite lo...

PT-2007-1121 · Cairo +1 · Cairo +1

Name of the Vulnerable Software and Affected Versions: Cairo versions prior to 1.4.12 Description: The issue is related to multiple integer overflows that may allow remote attackers to execute arbitrary code. This can be achieved by using a crafted PNG image with large width and height values,...

Ubuntu 5.04 / 5.10 / 6.06 LTS : ffmpeg, xine-lib vulnerabilities (USN-358-1)

XFOCUS Security Team discovered that the AVI decoder used in xine-lib did not correctly validate certain headers. By tricking a user into playing an AVI with malicious headers, an attacker could execute arbitrary code with the target user's privileges. CVE-2006-4799 Multiple integer overflows wer...

Ubuntu 5.10 / 6.06 LTS / 6.10 : xorg, xorg-server vulnerabilities (USN-403-1)

The DBE and Render extensions in X.org were vulnerable to integer overflows, which could lead to memory overwrites. An authenticated user could make a specially crafted request and execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding...

Ubuntu 5.04 / 5.10 / 6.06 LTS : libxfont, xorg vulnerabilities (USN-344-1)

iDefense security researchers found several integer overflows in X.org's font handling library. By using a specially crafted Type1 CID font file, a local user could exploit these to crash the X server or execute arbitrary code with root privileges. Note that Tenable Network Security has extracted...

Ubuntu 5.10 / 6.06 LTS / 6.10 : libwpd vulnerability (USN-437-1)

Sean Larsson of iDefense Labs discovered that libwpd was vulnerable to integer overflows. If a user were tricked into opening a specially crafted WordPerfect document with an application that used libwpd, an attacker could execute arbitrary code with user privileges. Note that Tenable Network...

Ubuntu 5.04 / 5.10 / 6.06 LTS : freetype vulnerabilities (USN-291-1)

Several integer overflows have been discovered in the FreeType library. By tricking a user into installing and/or opening a specially crafted font file, these could be exploited to execute arbitrary code with the privileges of that user. Note that Tenable Network Security has extracted the...

CVE-2007-4766

Multiple integer overflows in Perl-Compatible Regular Expression PCRE library before 7.3 allow context-dependent attackers to cause a denial of service crash or execute arbitrary code via unspecified escape backslash sequences...

CVE-2007-4766

Multiple integer overflows in Perl-Compatible Regular Expression PCRE library before 7.3 allow context-dependent attackers to cause a denial of service crash or execute arbitrary code via unspecified escape backslash sequences...

CVE-2007-4766

CVE-2007-4766 concerns the PCRE library: multiple integer overflows in PCRE before 7.3 can be exploited via certain backslash escape sequences to cause a denial of service (crash) or arbitrary code execution. Affected component: PCRE. Remediation: update to PCRE 7.3 or later (or apply vendor-supp...

CVE-2007-4766

Multiple integer overflows in Perl-Compatible Regular Expression PCRE library before 7.3 allow context-dependent attackers to cause a denial of service crash or execute arbitrary code via unspecified escape backslash sequences...

Python: User-assisted execution of arbitrary code

Background Python is an interpreted, interactive, object-oriented programming language. Description Slythers Bro discovered multiple integer overflows in the imageop module, one of them in the tovideo method, in various locations in files imageop.c, rbgimgmodule.c, and also in other files. Impact...