RHEL 2.1 / 3 : tetex (RHSA-2005:354)

Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as...

USN-99-1: PHP4 vulnerabilities

Stefano Di Paola discovered integer overflows in PHP's pack and unpack functions. A malicious PHP script could exploit these to break out of safe mode and execute arbitrary code with the privileges of the PHP interpreter. CAN-2004-1018 Note: The second part of CAN-2004-1018 buffer overflow in the...

CVE-2005-0639

Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files...

CVE-2005-0639

CVE-2005-0639 (and CVE-2005-0638) affect the xli image viewer prior to 1.17. The vulnerabilities arise from buffer management errors in processing certain image properties and possible integer overflows in PPM files, which may allow a remote attacker to execute arbitrary code. Several advisories ...

CVE-2005-0639

Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files...

CVE-2005-0639

Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files...

CVE-2005-0467

Multiple integer overflows in the 1 sftppktgetstring and 2 fxpreaddirrecv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been...

CVE-2005-0467

Multiple integer overflows in the 1 sftppktgetstring and 2 fxpreaddirrecv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been...

security flaw

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service crash and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889...

GLSA-200501-13 : pdftohtml: Vulnerabilities in included Xpdf

The remote host is affected by the vulnerability described in GLSA-200501-13 pdftohtml: Vulnerabilities in included Xpdf Xpdf is vulnerable to integer overflows, as described in GLSA 200412-24. Impact : An attacker could entice a user to convert a specially crafted PDF file, potentially resulting...

GLSA-200501-17 : KPdf, KOffice: More vulnerabilities in included Xpdf

The remote host is affected by the vulnerability described in GLSA-200501-17 KPdf, KOffice: More vulnerabilities in included Xpdf KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to multiple new integer overflows, as described in GLSA 200412-24. Impact : An attacker...

xli -- integer overflows in image size calculations

Tavis Ormandy discovered several integer overflows in xli's image size handling. A maliciously crafted image may be able to cause a heap buffer overflow and execute arbitrary code...

CVE-2004-0886

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service crash or memory corruption via TIFF images that lead to incorrect malloc calls...

CVE-2004-0889

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service crash and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888...

DEBIAN-CVE-2004-0886

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service crash or memory corruption via TIFF images that lead to incorrect malloc calls...

CVE-2004-0886

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service crash or memory corruption via TIFF images that lead to incorrect malloc calls...

CVE-2004-0889

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service crash and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888...

KPdf, KOffice: More vulnerabilities in included Xpdf

Background KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an integrated office suite for KDE. Description KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to multiple new integer overflows, as described in GLSA 200412-24. Impact An...

DEBIAN-CVE-2004-1026

Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service application crash and execute arbitrary code via certain image files...

CVE-2004-0914

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include 1 multiple integer overflows, 2 out-of-bounds memory accesses, 3 directory traversal, 4 shell metacharacter, 5 endless loops, and 6 memory leaks, which could allow remote attackers to obtain...