CVE-2017-14631

sam2p 0.49.3 is affected by CVE-2017-14631 due to a signedness error in pcxLoadRaster within in_pcx.cpp, causing a heap-based buffer overflow. This affects the ability to process inputs that trigger the flaw and can lead to denial of service as described in CNVD-2017-34028 and related advisories....

CVE-2017-14631

In sam2p 0.49.3, the pcxLoadRaster function in inpcx.cpp has an integer signedness error leading to a heap-based buffer overflow...

CVE-2017-14629

CVE-2017-14629 affects sam2p 0.49.3: the in_xpm_reader function in in_xpm.cpp contains a signedness error that can crash the process when writing to an out-of-bounds array element (DoS). Multiple connected sources confirm the same issue and list this CVE among a set of fixes for sam2p; upstream r...

[ASA-201709-10] ffmpeg: denial of service

Arch Linux Security Advisory ASA-201709-10 ========================================== Severity: Medium Date : 2017-09-15 CVE-ID : CVE-2017-14054 CVE-2017-14055 CVE-2017-14056 CVE-2017-14057 CVE-2017-14058 CVE-2017-14059 CVE-2017-14169 CVE-2017-14170 CVE-2017-14171 CVE-2017-14222 CVE-2017-14223...

CVE-2017-14169

In the mxfreadprimerpack function in libavformat/mxfdec.c in FFmpeg 3.3.3 - 2.4, an integer signedness error might occur when a crafted file, which claims a large "itemnum" field such as 0xffffffff, is provided. As a result, the variable "itemnum" turns negative, bypassing the check for a large...

CVE-2017-14169

In the mxfreadprimerpack function in libavformat/mxfdec.c in FFmpeg 3.3.3 - 2.4, an integer signedness error might occur when a crafted file, which claims a large "itemnum" field such as 0xffffffff, is provided. As a result, the variable "itemnum" turns negative, bypassing the check for a large...

CVE-2017-14169

In the mxfreadprimerpack function in libavformat/mxfdec.c in FFmpeg 3.3.3 - 2.4, an integer signedness error might occur when a crafted file, which claims a large "itemnum" field such as 0xffffffff, is provided. As a result, the variable "itemnum" turns negative, bypassing the check for a large...

CVE-2017-14169

CVE-2017-14169 affects FFmpeg/libavformat: specifically the mxf_read_primer_pack function in libavformat/mxfdec.c. The description documents an integer signedness error when a crafted MXF file provides a large item_num (e.g., 0xffffffff), causing item_num to become negative and bypassing the chec...

CVE-2017-14169

In the mxfreadprimerpack function in libavformat/mxfdec.c in FFmpeg 3.3.3 - 2.4, an integer signedness error might occur when a crafted file, which claims a large "itemnum" field such as 0xffffffff, is provided. As a result, the variable "itemnum" turns negative, bypassing the check for a large...

CVE-2017-12140

The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file...

CVE-2017-12140

CVE-2017-12140 affects ImageMagick 7.0.6-1 where ReadDCMImage (coders/dcm.c) has an integer signedness error that can cause excessive memory consumption when processing a crafted DCM file. This root cause is explicitly tied to the ReadDCMImage function and may lead to memory exhaustion on vulnera...

CVE-2017-12140

The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file...

Juniper Junos libgd Compressed GD2 Data RCE (JSA10798)

According to its self-reported version number, the remote Juniper Junos device is affected by an integer signedness error in the included GD Graphics Library libgd when handling compressed GD2 data due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit...

EulerOS 2.0 SP2 : gd (EulerOS-SA-2017-1128)

According to the version of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Integer signedness error in the dynamicGetbuf function in gdiodp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP before 5.6.28 and...

Debian DLA-949-1 : miniupnpc security update

It was discovered that there was a integer signedness error in the miniupnpc UPnP client that could allow remote attackers to cause a denial of service attack. For Debian 7 'Wheezy', this issue has been fixed in miniupnpc version 1.5-2+deb7u2. We recommend that you upgrade your miniupnpc packages...

[SECURITY] [DLA 949-1] miniupnpc security update

Package : miniupnpc Version : 1.5-2+deb7u2 CVE ID : CVE-2017-8798 Debian Bug : 862273 It was discovered that there was a integer signedness error in the miniupnpc UPnP client that could allow remote attackers to cause a denial of service attack. For Debian 7 "Wheezy", this issue has been fixed in...

miniupnpc 2.0.20170421 Denial Of Service Exploit

miniupnpc suffers from an integer signedness error when parsing a chunked encoded http response. Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798 Version: 0.6 Date: May 1st, 2017 Tag: miniupnp miniupnpc getHTTPResponse chunked encoding integer signedness error Overview...

DEBIAN-CVE-2017-8798

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact...

CVE-2017-8798

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact...

CVE-2017-8798

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact...