procps-ng security update

3.3.10-17.el75.2 - check for truncation after calling snprintf - Related: CVE-2018-1124 3.3.10-17.el75.1 - fix integer overflows leading to heap overflow in file2strvec - Resolves: CVE-2018-1124...

SUSE-SU-2018:1372-1 Security update for python

This update for python fixes the following issues: Security issues fixed: - CVE-2017-1000158: Fixed integer overflows in PyStringDecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution bsc1068664. - CVE-2018-1000030: Fixed crash inside the...

CVE-2018-1124

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code executi...

GLSA-201804-14 : GDK-PixBuf: Remote code execution

The remote host is affected by the vulnerability described in GLSA-201804-14 GDK-PixBuf: Remote code execution Several integer overflows were discovered in GDK-PixBufs gifgetlzw function. Impact : A remote attacker, by enticing a user to process a specially crafted image file, could execute...

GDK-PixBuf: Remote code execution

Background GDK-PixBuf is an image loading library for GTK+. Description Several integer overflows were discovered in GDK-PixBuf’s gifgetlzw function. Impact A remote attacker, by enticing a user to process a specially crafted image file, could execute arbitrary code or cause a Denial of Service...

CVE-2014-2885

Concrete details from connected documents show that CVE-2014-2885 affects TrueCrypt 7.1a via two integer-overflow vectors: (1) OriginalLength handling in EncryptedIoQueue.c:MainThreadProc, enabling local information disclosure; (2) large StartingOffset/Length handling in Ntdriver.c:ProcessVolumeD...

UBUNTU-CVE-2014-5044

Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service Fortran application crash via vectors related to array allocation...

CVE-2014-5044

Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service Fortran application crash via vectors related to array allocation...

SUSE SLES11 Security Update : glibc (SUSE-SU-2018:0565-1)

This update for glibc fixes the following issues: Security issues : - CVE-2017-8804: Fix memory leak after deserialization failure in xdrbytes, xdrstring bsc1037930 - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes bsc1051791 - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal...

Transmission - Integer Overflows Parsing Torrent Files

I took a look at torrent file parsing in libtransmission, there are a few integer overflows because the trnew/trnew0 allocation wrappers don't handle overflow. define trnewstructtype, nstructs \ structtype trmalloc sizeof structtype sizetnstructs define trnew0structtype, nstructs \ structtype...

openSUSE: Security Advisory for glibc (openSUSE-SU-2018:0494-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for glibc (important)

This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-8804: Fix memory leak after deserialization failure in xdrbytes, xdrstring bsc1037930 - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes bsc1051791 - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in...

OPENSUSE-SU-2018:0470-1 Security update for ffmpeg

This update for ffmpeg fixes the following issues: Updated ffmpeg to new bugfix release 3.4.2 Fix integer overflows, multiplication overflows, undefined shifts, and verify buffer lengths. avfilter/vftranspose: Fix used plane count boo1078488, CVE-2018-6392 avcodec/utvideodec: Fix bytes left check...

SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2018:0451-1)

This update for glibc fixes the following issues: Security issues fixed : - CVE-2017-8804: Fix memory leak after deserialization failure in xdrbytes, xdrstring bsc1037930 - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes bsc1051791 - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in...

Pdfium - Pattern Shading Integer Overflows Exploit

Exploit for multiple platform in category dos / poc This vulnerability relies on several minor oversights in the handling of shading patterns in pdfium, I'll try to detail all of the issues that could be fixed to harden the code against similar issues. The DrawXShading functions in...

Pdfium - Pattern Shading Integer Overflows

This vulnerability relies on several minor oversights in the handling of shading patterns in pdfium, I'll try to detail all of the issues that could be fixed to harden the code against similar issues. The DrawXShading functions in cpdfrenderstatus.cpp rely on a helper function to compute the numb...

CVE-2017-12465

Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspecified impact via vectors involving the 1 vallen variable in the iottlvparsesequence function or 2 typ, vallen and i variables in the localrpcparse function...

CVE-2017-12465

Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspecified impact via vectors involving the 1 vallen variable in the iottlvparsesequence function or 2 typ, vallen and i variables in the localrpcparse function...

SUSE-SU-2018:0339-1 Security update for jasper

This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9262: Multiple integer overflows in the jasrealloc function in base/jasmalloc.c and memresize function in base/jasstream.c allow remote attackers to cause a denial of service via a crafted image, which triggers u...

Debian DLA-1262-1 : thunderbird security update

Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, use after free, integer overflows and other implementation errors may lead to crashes or the execution of arbitrary code. For Debian 7 'Wheezy', these problems have been fixed in versio...