SuSE 10 Security Update : imlib2-loaders (ZYPP Patch Number 2261)

Various security problems have been fixed in the imlib2 image loaders : - A stack-based buffer overflow in loaderpnm.c could be used by attackers to execute code by supplying a handcrafted PNM image. CVE-2006-4809 - A heap buffer overflow in loadertga.c could potentially be used by attackers to...

SuSE 10 Security Update : Xorg X11 (ZYPP Patch Number 3083)

Integer overflows in the XC-MISC extension of the X-server could potentially be exploited to execute code with root privileges. CVE-2007-1003 Integer overflows in libx11 could cause crashes. CVE-2007-1667 Integer overflows in the font handling of the X-server could potentially be exploited to...

GLSA-200712-04 : Cairo: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200712-04 Cairo: User-assisted execution of arbitrary code Multiple integer overflows were reported, one of which Peter Valchev Google Security found to be leading to a heap-based buffer overflow in the...

Mandrake Linux Security Advisory : e2fsprogs (MDKSA-2007:242)

Rafal Wojtczuk of McAfee AVERT Research found that e2fsprogs contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These flaws could result in heap-based overflows potentially allowing for the execution of arbitrary code. The update...

Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : e2fsprogs vulnerability (USN-555-1)

Rafal Wojtczuk discovered multiple integer overflows in e2fsprogs. If a user or automated system were tricked into fscking a malicious ext2/ext3 filesystem, a remote attacker could execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding...

Debian DSA-1422-1 : e2fsprogs - integer overflows

Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, the ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing t...

[SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1422 [email protected] http://www.debian.org/security/ Steve Kemp December 07, 2007 http://www.debian.org/security/faq -...

e2fsprogs utilities multiple security vulnerabilities

Multiple integer overflows...

[SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1422 [email protected] http://www.debian.org/security/ Steve Kemp December 07, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------...

CVE-2007-5497

Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image...

CVE-2007-5497

Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image...

DTSA-95-1 e2fsprogs - multiple integer overflows

Bulletin has no description...

openSUSE 10 Security Update : e2fsprogs (e2fsprogs-4739)

This update of e2fsprogs fixes several integer overflows in memory allocating code. Programs that use libext2fs are therefore vulnerable to memory corruptions that can lead to arbitrary code execution while loading a specially crafted image. CVE-2007-5497 %NASLMINLEVEL 70300 C Tenable Network...

Ubuntu 7.10 : php5 regression (USN-549-2)

USN-549-1 fixed vulnerabilities in PHP. However, some upstream changes were incomplete, which caused crashes in certain situations with Ubuntu 7.10. This update fixes the problem. We apologize for the inconvenience. It was discovered that the wordwrap function did not correctly check lengths...

CVE-2007-5503

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the readpng function...

CVE-2007-5503

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the readpng function...

CVE-2007-5503

CVE-2007-5503 relates to Cairo before 1.4.12, where multiple integer overflows in the read_png function can allow remote attackers to execute arbitrary code via a crafted PNG file. The issue affects Cairo’s PNG handling and is addressed by upgrading Cairo to 1.4.12 or later (vulnerable code path:...

CVE-2007-4347

Multiple integer overflows in the Job Engine bengine.exe service in Symantec Backup Exec for Windows Servers BEWS 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service CPU and memory consumption via a crafted packet to port 5633/tcp, which triggers an infinite lo...

PT-2007-1121 · Cairo +1 · Cairo +1

Name of the Vulnerable Software and Affected Versions: Cairo versions prior to 1.4.12 Description: The issue is related to multiple integer overflows that may allow remote attackers to execute arbitrary code. This can be achieved by using a crafted PNG image with large width and height values,...

Ubuntu 5.04 / 5.10 / 6.06 LTS : ffmpeg, xine-lib vulnerabilities (USN-358-1)

XFOCUS Security Team discovered that the AVI decoder used in xine-lib did not correctly validate certain headers. By tricking a user into playing an AVI with malicious headers, an attacker could execute arbitrary code with the target user's privileges. CVE-2006-4799 Multiple integer overflows wer...