EUVD-2018-2275

Malware in sbrugna...

Use after free in File#initilialize_copy

In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::Fileinitilializecopy. An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code...

CVE-2018-1000041

GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable v...

Wireshark 2.2.7 'profinet/packet-dcerpc-pn-io.c' DoS Vulnerability - Windows

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

openldap: denial of service

By sending a crafted packet, an attacker can cause the OpenLDAP daemon to crash with a SIGABRT. This is due to an assert call within the bergetnext method io.c line 682 that is hit when decoding tampered BER data. The following proof of concept exploit can be used to trigger the condition: echo...

OpenLDAP 2.4.42 - ber_get_next Denial of Service

Exploit Title: OpenLDAP 2.4.42 bergetnext DOS Date: 11/09/15 Exploit Author: Denis Andzakovic - Security-Assessment.com Vendor Homepage: http://www.openldap.org/ Software Link: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.42.tgz Version: Y Y \ / /| / \ /||| / / /.-. / /:wq...

Oracle Solaris Third-Party Patch Update : gimp (cve_2012_3236_buffer_overflow)

The remote Solaris system is missing necessary patches to address security updates : - fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a malformed XTENSION header of a .fit file, as demonstrated using a long...

Null pointer dereference

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a malformed XTENSION header of a .fit file, as demonstrated using a long string...

CVE-2012-3236

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a malformed XTENSION header of a .fit file, as demonstrated using a long string...

CVE-2012-3236

CVE-2012-3236 affects GIMP via fits-io.c: fits-io.c in GIMP before 2.8.1 allows a remote attacker to cause a denial of service (NULL pointer dereference and crash) by presenting a malformed FIT header in a .fit file. Connected advisories (Mandriva/openSUSE/SUSE/OpenVAS/NASL entries) confirm remed...

Design/Logic Flaw

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service OOPS, as demonstrated by a certain fio test...

CVE-2008-2952

OpenLDAP vulnerability CVE-2008-2952 affects liblber in OpenLDAP 2.2.4–2.4.10. A remote, unauthenticated attacker can trigger a denial of service by sending crafted ASN.1 BER datagrams that cause an assertion error in io.c, leading to slapd termination. Several distributions patched this issue (e...