3115 matches found
Fedora Core 3 : php-4.3.10-3.2 (2004-568)
Tue Dec 21 2004 Joe Orton 4.3.10-3.2: fix umask patch (143286). Wed Dec 15 2004 Joe Orton 4.3.10-3.1: update to 4.3.10, including security fixes (141135): unserializer integer overflows, CVE-2004-1019; exif image parsing overflow, CVE-2004-1065. Note that Tenable Network Security has extracted...
openmotif21 stack overflows in libxpm
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain...
CVE-2004-0994
Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify...
Debian DSA-608-1 : zgv - integer overflows, unsanitised input
Several vulnerabilities have been discovered in zgv, an SVGAlib graphics viewer for the i386 architecture. The Common Vulnerabilities and Exposures Project identifies the following problems : - CAN-2004-1095 'infamous41md' discovered multiple integer overflows in zgv. Remote exploitation of an...
DSA-608-1 zgv - integer overflows, unsanitised input
Bulletin has no description...
imlib -- xpm heap buffer overflows and integer overflows
Pavel Kankovsky reports: Imlib affected by a variant of CAN-2004-0782 too. I've discovered more vulnerabilities in Imlib 1.9.13. In particular, it appears to be affected by a variant of Chris Evans' libXpm flaw 1 CAN-2004-0782, see http://scary.beasts.org/security/CESA-2004-003.txt. Look at the...
Debian DSA-599-1 : tetex-bin - integer overflows
Chris Evans discovered several integer overflows in xpdf, that are also present in tetex-bin, binary files for the teTeX distribution, which can be exploited remotely by a specially crafted PDF document and lead to the execution of arbitrary code. (C) Tenable Network Security,...
[SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution
Debian Security Advisory DSA 599-1 [email protected] http://www.debian.org/security/ Martin Schulze November 25th, 2004 http://www.debian.org/security/faq -...
DSA-599-1 tetex-bin - integer overflows
Bulletin has no description...
CVE-2004-0599
Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image...
Mandrake Linux Security Advisory : libxpm4 (MDKSA-2004:137-1)
The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows,...
pdftohtml: Vulnerabilities in included Xpdf
Background: pdftohtml is a utility to convert PDF files to HTML or XML formats. It makes use of Xpdf code to decode PDF files. Description: Xpdf is vulnerable to multiple integer overflows, as described in GLSA 200410-20. Impact: An attacker could entice a user to convert a specially-crafted PDF fil...
Mandrake Linux Security Advisory : XFree86 (MDKSA-2004:138)
The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows,...
GLSA-200411-28 : X.Org, XFree86: libXpm vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200411-28 X.Org, XFree86: libXpm vulnerabilities Several issues were discovered in libXpm, including integer overflows, out-of-bounds memory accesses, insecure path traversal and an endless loop. Impact : An attacker could craft a...
SUSE-SA:2004:041: xshared, XFree86-libs, xorg-x11-libs
The remote host is missing the patch for the advisory SUSE-SA:2004:041 xshared, XFree86-libs, xorg-x11-libs. The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review done by Thomas Biege of the SuSE Security-Tea...
Debian DSA-561-1 : xfree86 - integer and stack overflows
Chris Evans discovered several stack and integer overflows in the libXpm library which is provided by X.Org, XFree86 and LessTif. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-561. The...
Debian DSA-589-1 : libgd1 - integer overflows
'infamous41md' discovered several integer overflows in the PNG image decoding routines of the GD graphics library. This could lead to the execution of arbitrary code on the victim's machine. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugi...
Debian DSA-581-1 : xpdf - integer overflows
Chris Evans discovered several integer overflows in xpdf, a viewer for PDF files, which can be exploited remotely by a specially crafted PDF document and lead to the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...