CVE-2007-2443

Integer signedness error in the gssrpcsvcauthunix function in svcauthunix.c in the RPC library in MIT Kerberos 5 krb5 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value...

Integer overflow

Integer signedness error in the gssrpcsvcauthunix function in svcauthunix.c in the RPC library in MIT Kerberos 5 krb5 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value...

CVE-2007-2443

Integer signedness error in the gssrpcsvcauthunix function in svcauthunix.c in the RPC library in MIT Kerberos 5 krb5 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value...

CVE-2007-2443

CVE-2007-2443 : MIT Kerberos 5 before or equal to 1.6.1 contains a signedness error in gssrpc__svcauth_unix() within svc_auth_unix.c of the RPC library, which could let a remote attacker execute arbitrary code via a negative length. Connected advisories indicate patches and backports in krb5/libg...

CVE-2007-2754

Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative npoints value, which leads to an integer overflow and heap-based buffer overflow...

CVE-2007-2754

Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative npoints value, which leads to an integer overflow and heap-based buffer overflow...

CVE-2007-2754

Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative npoints value, which leads to an integer overflow and heap-based buffer overflow...

CVE-2007-2754

CVE-2007-2754 affects FreeType up to 2.3.4 and earlier, where a signedness error in truetype/ttgload.c can trigger a heap-based buffer overflow via a crafted TTF image with a negative n_points, enabling remote code execution per the description. Connected patches exist (e.g., Solaris X11 6.6.2 pa...

CVE-2007-2529

Integer signedness error in the acl facl system call in Solaris 10 before 20070507 allows local users to cause a denial of service kernel panic and possibly gain privileges via a certain argument, related to ACESETACL...

CVE-2007-2529

CVE-2007-2529 affects Solaris 10 (before 20070507) with an integer signedness error in the acl (facl) system call. The underlying issue is a signedness bug in ACE_SETACL handling, enabling local users to trigger a denial of service (kernel panic) and potentially escalate privileges. Publicly docu...

iDefense Security Advisory 05.07.07: Sun Microsystems Solaris ACE_SETACL Integer Signedness DoS Vulnerability

Sun Microsystems Solaris ACESETACL Integer Signedness DoS Vulnerability iDefense Security Advisory 05.07.07 http://labs.idefense.com/intelligence/vulnerabilities/ May 07, 2007 I. BACKGROUND Solaris is a UNIX operating system developed by Sun Microsystems. More information can be found via the...

FreeType 2 -- Heap overflow vulnerability

Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative npoints value, which leads to an integer overflow and heap-based buffer overflow...

CVE-2007-1997

Integer signedness error in the 1 cabunstore and 2 cabextract functions in libclamav/cab.c in Clam AntiVirus ClamAV before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based...

CVE-2007-1997

Integer signedness error in the 1 cabunstore and 2 cabextract functions in libclamav/cab.c in Clam AntiVirus ClamAV before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based...

CVE-2007-1997

CVE-2007-1997 describes an integer signedness error in libclamav/cab.c (cab_unstore and cab_extract) of ClamAV before 0.90.2, where a crafted CHM file containing a negative integer can pass a signed comparison and cause a stack-based buffer overflow, enabling remote code execution according to th...

CVE-2007-1884

Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via 1 certain negative argument numbers that arise in the phpformattedprint function because of 64 to 32 bit...

CVE-2007-1889

Integer signedness error in the zendmmallocint function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msgreceive wi...

CVE-2007-1889

Integer signedness error in the zendmmallocint function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msgreceive wi...

CVE-2007-1884

CVE-2007-1884 affects PHP 4.x before 4.4.5 and PHP 5.x before 5.2.1 on 64‑bit platforms. The vulnerability arises from integer signedness errors in the printf family, allowing context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers from 64→32 bit truncation...

CVE-2007-1889

CVE-2007-1889 is a PHP 5.2.0 vulnerability where an Integer signedness error in the Zend Memory Manager’s _zend_mm_alloc_int can allow remote code execution via large emalloc requests. The issue stems from an incorrect signed long cast, demonstrated via the HTTP SOAP client and a msg_receive call...