CVE-2017-14496

Integer underflow in the addpseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request...

[ASA-201710-1] dnsmasq: multiple issues

Arch Linux Security Advisory ASA-201710-1 ========================================= Severity: Critical Date : 2017-10-02 CVE-ID : CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 Package : dnsmasq Type : multiple issues Remote : Yes Link :...

Dnsmasq < 2.78 - Integer Underflow

''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14496.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the following option is specified: --add-mac,...

CVE-2017-14796

The hevcwriteframe function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service integer underflow and application crash or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copyCTBtohv in hevcfilter.c in libavcodec in...

CVE-2017-14796

The hevcwriteframe function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service integer underflow and application crash or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copyCTBtohv in hevcfilter.c in libavcodec in...

CVE-2017-14796

The hevcwriteframe function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service integer underflow and application crash or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copyCTBtohv in hevcfilter.c in libavcodec in...

CVE-2017-14796

The CVE-2017-14796 vulnerability affects libbpg 0.9.7, specifically the hevc_write_frame path in libbpg.c. The issue is a denial of service via an integer underflow when processing crafted BPG images, with related interaction in copy_CTB_to_hv (hevc_filter.c) and sao_filter_CTB (hevc_filter.c) in...

FreeBSD : ledger -- multiple vulnerabilities (d843a984-7f22-484f-ba81-483ddbe30dc3)

Talos reports : An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. ...

CVE-2017-13704

An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the DNS code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash...

Libbpg BGP image decoding Code Execution Vulnerability(CVE-2016-8710)

Summary An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be...

Ichitaro Office Excel File Code Execution Vulnerability(CVE-2017-2790)

Summary A vulnerability was discovered within the Ichitaro word processor. Ichitaro is published by JustSystems and is considered one of the more popular word processors used within Japan. Ichitaro handles Microsoft Excel's .xls file format. When processing a record type of 0x3c from a Workbook...

mysql: integer underflow in get_56_lenc_string() leading to DoS (CPU Apr 2017)

An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote attacker with access to the MySQL port could use this flaw to crash the mysqld daemon...

openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function

An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPTQUEUEGETCONFIGREPLY messages in Open vSwitch OvS. An attacker could use this issue to cause a remote denial of service attack...

Integer Underflow

ovs is vulnerable to integer underflows. The library does not properly check memory size in the ofputilpullqueuegetconfigreply10 function in lib\ofp-util.c, causing an integer underflow that can crash the application or overwrite memory...

openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function

An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPTQUEUEGETCONFIGREPLY messages in Open vSwitch OvS. An attacker could use this issue to cause a remote denial of service attack...

openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function

An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPTQUEUEGETCONFIGREPLY messages in Open vSwitch OvS. An attacker could use this issue to cause a remote denial of service attack...

Multiple Bluetooth implementation vulnerabilities affect many devices

Overview A collection of Bluetooth implementation vulnerabilities known as "BlueBorne" has been released. These vulnerabilities collectively affect Windows, iOS, and Linux-kernel-based operating systems including Android and Tizen, and may in worst case allow an unauthenticated attacker to perfor...

Security update for gdk-pixbuf (important)

This update for gdk-pixbuf fixes the following issues: - CVE-2017-2862: JPEG gdkpixbufjpegimageloadincrement Code Execution Vulnerability bsc1048289 - CVE-2017-2870: tiffimageparse Code Execution Vulnerability bsc1048544 - CVE-2017-6313: A dangerous integer underflow in io-icns.c bsc1027024 -...

SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2017:2381-1)

This update for gdk-pixbuf fixes the following issues : - CVE-2017-2862: JPEG gdkpixbufjpegimageloadincrement Code Execution Vulnerability bsc1048289 - CVE-2017-2870: tiffimageparse Code Execution Vulnerability bsc1048544 - CVE-2017-6313: A dangerous integer underflow in io-icns.c bsc1027024 -...

openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function

An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPTQUEUEGETCONFIGREPLY messages in Open vSwitch OvS. An attacker could use this issue to cause a remote denial of service attack...