libXfont: out-of-bounds memory access in bdfReadCharacters
An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server...
Important: Red Hat Security Advisory: libXfont security update
An updated libXfont package that fixes three security issues is now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
PHP 5.5.x < 5.5.28 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.28. It is, therefore, affected by multiple vulnerabilities: - Multiple use-after-free errors exist in splarray.c, splobserver.c, and spldllist.c due to improper sanitization of input to the...
When ‘int’ is the new ‘short’
Posted by Mark Brand, Truncator of Integers. This is going to be a quick post, just describing a particularly interesting Chrome issue that I found last month; how I found it; and what is interesting about it… I was looking through some Chrome networking code; and I noticed an interesting API desi...
IBM Domino GIF Integer Truncation RCE Vulnerability
IBM Domino is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ibm:lotusdomino...
IBM Domino 8.5.x < 8.5.3 Fix Pack 6 Interim Fix 4 GIF Code Execution (credentialed check)
The version of IBM Domino (formerly IBM Lotus Domino) installed on the remote host is 8.5.x prior to 8.5.3 Fix Pack 6 (FP6) Interim Fix 4 (IF4). It is, therefore, potentially affected by an integer truncation error when processing GIF files. A remote attacker, using a crafted GIF file, could exploit th...
IBM Domino 9.0.x < 9.0.1 Fix Pack 3 Interim Fix 2 GIF Code Execution (credentialed check)
The version of IBM Domino (formerly IBM Lotus Domino) installed on the remote host is 9.0.x prior to 9.0.1 Fix Pack 3 (FP3) Interim Fix 2 (IF2). It is, therefore, potentially affected by an integer truncation error when processing GIF files. A remote attacker, using a crafted GIF file, could exploit th...
IBM Domino 8.5.x < 8.5.3 Fix Pack 6 Interim Fix 4 GIF Code Execution
According to its banner, the version of IBM Domino (formerly IBM Lotus Domino) running on the remote host is 8.5.x prior to 8.5.3 Fix Pack 6 (FP6) Interim Fix 4 (IF4). It is, therefore, potentially affected by an integer truncation error when processing GIF files. A remote attacker, using a crafted GIF...
CVE-2015-0135
IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9...
IBM Lotus Domino GIF Integer Truncation Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the nrouter.exe component which handles e-mails dispatched from nsmtp.exe listening on port 25...
Updated vlc packages fix security vulnerabilities
Updated vlc packages fix security vulnerabilities: On 32 bit builds, parsing of update status files with a size of 4294967295 or more led to an integer truncation caused by a cast to size_t in a call to malloc and a subsequent buffer overflow. This happened prior to checking the files' signature...
XnView RAS Image Processing Heap Overflow
No description provided by source. Application: XnView RAS Image Processing Heap Overflow Platforms: Windows Secunia: SA49091 PRL: 2012-14 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2 Report Timeline 3...
MS Windows XP - WmiTraceMessageVa Integer Truncation Vulnerability PoC (MS11-011)
No description provided by source. Exploit Title: MS11-011 (CVE-2011-0045): MS Windows XP WmiTraceMessageVa Integer Truncation Vulnerability PoC Date: 2011-03-01 Author: Nikita Tarakanov CISS Research Team Software Link: Version: prior to MS11-011 Tested on: Win XP SP3 CVE : CVE-2011-0045 Status :...
nss: Integer truncation in certificate parsing (MFSA 2013-103)
Integer overflow in Mozilla Network Security Services NSS 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value...
Thunderbird < 24.1 NSS and NSPR Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird is earlier than 24.1.1 and is, therefore, potentially affected by the following vulnerabilities: - An error exists related to handling input greater than half the maximum size of the 'PRUint32' value. (CVE-2013-1741) - An error exists in the 'NullCipher' functi...
SeaMonkey < 2.22.1 NSS and NSPR Multiple Vulnerabilities
The installed version of SeaMonkey is a version prior to 2.22.1 and is, therefore, potentially affected by the following vulnerabilities: - An error exists related to handling input greater than half the maximum size of the 'PRUint32' value. (CVE-2013-1741) - An error exists in the 'NullCipher'...
Firefox < 25.0.1 NSS and NSPR Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox is a version prior to 25.0.1 and is, therefore, potentially affected by the following vulnerabilities: - An error exists related to handling input greater than half the maximum size of the 'PRUint32' value. (CVE-2013-1741) - An error exists in the 'NullCipher'...
Input validation
The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error...
Integer overflow
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability."...