678 matches found
[SECURITY] [DSA 1546-1] New gnumeric packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1546-1 [email protected] http://www.debian.org/security/ Devin Carraway April 10, 2008 http://www.debian.org/security/faq -...
CVE-2008-1489
Integer overflow in the MP4ReadBoxrdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984...
CVE-2008-0986
Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field...
Firebird 2.0.3 Relational Database - protocol.cpp XDR Protocol Remote Memory Corruption
Firebird 2.0.3 Relational Database - protocol.cpp XDR Protocol Remote Memory Corruption source: https://www.securityfocus.com/bid/27403/info Firebird is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to...
Debian: Security Advisory (DSA-333)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DTSA-76-1 mono - integer overflow
Bulletin has no description...
openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-2056)
This update fixes an integer overflow vulnerability when rendering CID-keyed fonts CVE-2006-3739/CVE-2006-3740. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update xorg-x11-server-2056. The text...
EUVD-2007-2826
Integer overflow in the TIFF parser in OpenOffice.org OOo before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite StarSuite; allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of...
CVE-2007-2799
Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert statement. NOTE: this issue is due to an...
NetBSD ktruser integer overflow
No description provided...
PHP < 4.5.0 - Unserialize Overflow (Metasploit)
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'PHP 4...
MOAB-10-01-2007: Apple DMG UFS ffs_mountfs() Integer Overflow Vulnerability
Summary The ffsmountfs function, part of the UFS filesystem handling code shared between FreeBSD and Mac OS X XNU is affected by an integer overflow vulnerability, leading to an exploitable denial of service condition and potential arbitrary code execution. This issue is related to those publishe...
Snort GRE报文解码整数溢出漏洞
Snort是广泛部署的开放源码网络入侵检测系统(IDS)。很多其他IDS产品中也使用了Snort及其组件。 Snort的decode.c文件中DecodeGRE函数在解码GRE协议时存在整数溢出漏洞,攻击者可能利用此漏洞获取某些敏感信息。 漏洞相关代码如下: ==BEGIN CODE== ... line 3459 decode.c void DecodeGREuint8t pkt, const uint32t len, Packet p uint8t flags; uint32t hlen; / GRE header length / uint32t payloadlen;...
Solaris 10 - sysinfo() Local Kernel Memory Disclosure (1)
Solaris 10 - sysinfo Local Kernel Memory Disclosure 1 / Sun Microsystems Solaris sysinfo Kernel Memory Disclosure exploit =================================================================== Local exploitation of an integer overflow vulnerability in Sun Microsystems Inc. Solaris allows attackers t...
CVE-2006-3376
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including 1 wv, 2 abiword, 3 freetype, 4 gimp, 5 libgsf, and 6 imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file...
[Full-disclosure] [ GLSA 200503-13 ] mlterm: Integer overflow vulnerability
Gentoo Linux Security Advisory GLSA 200503-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
CVE-2004-0888
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service crash and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889...
Evolution: Integer overflow in camel-lock-helper
Background Evolution is a GNOME groupware application similar to Microsoft Outlook. Description Max Vozeler discovered an integer overflow in the camel-lock-helper application, which is installed as setgid mail by default. Impact A local attacker could exploit this vulnerability to execute...
LibTIFF vulnerable to integer overflow in the TIFFFetchStrip() routine
Overview An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF. An integer overflow in the TIFFFetchStripThing routine within the tifdirread.c file may allow an attacker...
CVE-2004-0560
Integer overflow in gopher daemon gopherd 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted content of a certain size that triggers the overflow...