libXrandr: Multiple integer overflows leading to heap-based bufer overflows

Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the 1 XRRQueryOutputProperty and 2 XRRQueryProviderProperty functions...

libXi: Multiple integer overflows leading to heap-based buffer-overflows

Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the 1 XGetDeviceControl, 2 XGetFeedbackControl, 3 XGetDeviceDontPropagateList, 4 XGetDeviceMotionEvents, 5 XIGetProperty, 6...

libXext: Multiple integer overflows leading to heap-based buffer-overflows

Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the 1 XcupGetReservedColormapEntries, 2 XcupStoreColors, 3 XdbeGetVisualInfo, 4 XeviGetVisualInfo, 5 XShapeGetRectangles, and 6...

Amazon Linux AMI : kernel (ALAS-2014-368)

arch/x86/kernel/entry32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service OOPS and system crash via an invalid syscall number, as demonstrated by number 1000. Array...

Amazon Linux AMI : libXfont (ALAS-2014-404)

Multiple integer overflows in the 1 fsgetreply, 2 fsallocglyphs, and 3 fsreadextentinfo functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. Multiple buffer overflows in...

Amazon Linux AMI : libXext (ALAS-2014-403)

Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the 1 XcupGetReservedColormapEntries, 2 XcupStoreColors, 3 XdbeGetVisualInfo, 4 XeviGetVisualInfo, 5 XShapeGetRectangles, and 6...

More Mac OS X and iPhone sandbox escapes and kernel bugs

Posted by Ian Beer A couple of weeks ago Apple released OS X 10.9.5 and iOS 8 which fixed a number of sandbox escapes and privilege escalation bugs found by Project Zero. All-bar-one of these bugs were found via manual source code auditing where there was source and binary analysis where there...

CVE-2014-6269

Multiple integer overflows in the httprequestforwardbody function in protohttp.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service crash via a large stream of data, which triggers a buffer overflow and an out-of-bounds read...

Medium: libXfont

Issue Overview: Multiple integer overflows in the 1 fsgetreply, 2 fsallocglyphs, and 3 fsreadextentinfo functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. Multiple...

Medium: libXext

Issue Overview: Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the 1 XcupGetReservedColormapEntries, 2 XcupStoreColors, 3 XdbeGetVisualInfo, 4 XeviGetVisualInfo, 5...

CVE-2014-5508

Multiple integer overflows in the HelpServ module mod-helpserv.c in srvx 1.3.1 allow remote authenticated IRCops or HelpServ bot managers to cause a denial of service infinite loop via a large value in the EmptyInterval parameter or certain other interval configurations...

Mandriva Linux Security Advisory : kernel (MDVSA-2014:155)

Multiple vulnerabilities has been found and corrected in the Linux kernel : Multiple buffer overflows in drivers/staging/wlags49h2/wlpriv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAPNETADMIN...

ffmpeg / libav multiple security vulnerabilities

Integer overflows, memory corruptions, buffer overflows, etc...

SuSE 11.3 Security Update : cabextract (SAT Patch Number 9437)

cabextract was updated to fix two security issues : - A potential endless loop in decoding files. CVE-2010-2800 - Memory corruption due to integer overflows in buffer read handling. CVE-2010-2801 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

Medium: kernel

Issue Overview: arch/x86/kernel/entry32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service OOPS and system crash via an invalid syscall number, as demonstrated by numbe...

MGASA-2014-0287 Updated freerdp packages fix two vulnerabilities

Updated freerdp packages fix security vulnerabilities: Integer overflows in memory allocations in client/X11/xfgraphics.c in FreeRDP through 1.0.2 allows remote RDP servers to have an unspecified impact through unspecified vectors CVE-2014-0250. Integer overflow in the licensereadscopelist functi...

CVE-2014-4656

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to 1 index values in the sndctladd function and 2 numid values in the...

CVE-2014-4608

Multiple integer overflows in the lzo1xdecompresssafe function in lib/lzo/lzo1xdecompresssafe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service memory corruption via a crafted Literal Run. NOTE: the author of the LZO...

CVE-2014-4608

CVE-2014-4608 refers to multiple integer overflows in the LZO decompressor (lzo1x_decompress_safe) in the Linux kernel before 3.15.2, which can cause memory corruption and denial of service via a crafted Literal Run. Some advisories note the Linux kernel is not affected (media hype), while securi...

CVE-2014-4608

Multiple integer overflows in the lzo1xdecompresssafe function in lib/lzo/lzo1xdecompresssafe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service memory corruption via a crafted Literal Run. NOTE: the author of the LZO...