Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Open vSwitch vulnerabilities (USN-5890-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5890-1 advisory. Qian Chen discovered that Open vSwitch incorrectly handled certain Organization Specific TLVs. A remote attacker could use this...

Microsoft Windows Media Player Color Conversion Integer Underflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

K15401: OpenSSL vulnerability CVE-2012-2333

Security Advisory Description Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a...

K32582354: Multiple dnsmasq vulnerabilities

Security Advisory Description CVE-2017-14491 Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service crash or execute arbitrary code via a crafted DNS response. CVE-2017-14492 Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers ...

K52950150: CUPS vulnerability CVE-2014-9679

Security Advisory Description Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. CVE-2014-9679 Impact There is no impact; F5...

SUSE CVE-2004-0816

Integer underflow in the firewall logging rules for iptables in Linux before 2.6.8 allows remote attackers to cause a denial of service application crash via a malformed IP packet...

SUSE CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows...

SUSE CVE-2006-0747

Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service crash via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values...

SUSE CVE-2007-1536

Integer underflow in the fileprintf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow...

SUSE CVE-2007-2875

Integer underflow in the cpusettasksread function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file...

SUSE CVE-2007-4997

Integer underflow in the ieee80211rx function in net/ieee80211/ieee80211rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service crash via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211STYPEQOSDATA flag is set, aka an "off-by-two...

SUSE CVE-2007-5747

Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Quattro Pro QPRO file with crafted values that trigger an excessive loop and a stack-based buffer overflow...

SUSE CVE-2008-5241

Integer underflow in demuxqt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service crash via a crafted media file that results in a small value of moovatomsize in a compressed MOV aka CMOVATOM...

SUSE CVE-2009-0200

Integer underflow in OpenOffice.org OOo before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow...

SUSE CVE-2009-1385

Integer underflow in the e1000cleanrxirq function in drivers/net/e1000/e1000main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet aka e1000 before 7.5.5 allows remote attackers to cause a denial of service panic via a...

SUSE CVE-2009-3301

Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org OOo before 3.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document...

SUSE CVE-2011-1476

Integer underflow in the Open Sound System OSS subsystem in the Linux kernel before 2.6.39 on unspecified non-x86 platforms allows local users to cause a denial of service memory corruption by leveraging write access to /dev/sequencer...

SUSE CVE-2011-2175

Integer underflow in the visualread function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service application crash via a malformed Visual Networks file that triggers a heap-based buffer over-read...

SUSE CVE-2011-2998

Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via JavaScript code containing a large RegExp expression...

SUSE CVE-2012-2333

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted TLS packet that is no...