
1879 matches found

OSV
added 2017/08/31 3:29 p.m. | views: 1

DEBIAN-CVE-2017-14057

In FFmpeg 3.3.3, a DoS in asfreadmarker due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "namelen" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name an...

CVSS 6.5 | AI score 7.1 | EPSS 0.00275
Exploits: 0 | References: 1
CNVD
added 2017/08/31 12:00 a.m. | views: 2

GraphicsMagick Denial of Service Vulnerability (CNVD-2017-24319)

GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A denial of service vulnerability exists in the 'ReadJNXImage' function in the coders/jnx.c file in GraphicsMagick version 1.3.26. An attacker can exploit th...

CVSS 7.1 | AI score 7.1 | EPSS 0.018
Exploits: 0 | References: 1
OSV
added 2017/08/30 9:29 a.m. | views: 1

DEBIAN-CVE-2017-13776

GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it...

CVSS 6.5 | AI score 7.6 | EPSS 0.00698
Exploits: 1 | References: 1
OSV
added 2017/08/30 9:29 a.m. | views: 3

CVE-2017-13777

GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it...

CVSS 6.5 | AI score 8.9
Exploits: 0 | References: 6
RedHat Linux
added 2017/08/28 9:59 p.m. | views: 89

Low: Red Hat Security Advisory: rh-nginx110-nginx security update

An update for rh-nginx110-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.5 | AI score 6.7 | EPSS 0.91909
Exploits: 6 | References: 2
Fedora
added 2017/08/23 7:56 p.m. | views: 56

[SECURITY] Fedora 26 Update: nginx-1.12.1-1.fc26

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

CVSS 7.5 | AI score 2.2 | EPSS 0.91909
Exploits: 6
RedHat Linux
added 2017/08/23 9:17 a.m. | views: 4

OpenJDK: insecure XML parsing in wsdlimport (JAX-WS, 8182054)

It was discovered that the wsdlimport tool in the JAX-WS component of OpenJDK did not use secure XML parser settings when parsing WSDL XML documents. A specially crafted WSDL document could cause wsdlimport to use an excessive amount of CPU and memory, open connections to other hosts, or leak...

CVSS 6.5 | AI score 7.3 | EPSS 0.00679
Exploits: 0 | References: 5
RedHat Linux
added 2017/08/23 9:17 a.m. | views: 4

OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)

It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory...

CVSS 5.3 | AI score 7.3 | EPSS 0.00732
Exploits: 0 | References: 4
CNVD
added 2017/08/23 12:00 a.m. | views: 5

ImageMagick Denial of Service Vulnerability (CNVD-2017-236955)

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A denial of service vulnerability exists in the 'formatIPTC' function of the coders/meta.c file in ImageMagick version...

CVSS 6.5 | AI score 6.9 | EPSS 0.00458
Exploits: 0 | References: 1
RedHat Linux
added 2017/08/14 9:48 a.m. | views: 4

OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)

It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory...

CVSS 5.3 | AI score 7.3 | EPSS 0.00732
Exploits: 0 | References: 4
Tenable Nessus
added 2017/08/09 12:00 a.m. | views: 10

Fedora 25 : subversion (2017-b9e4c24094)

This update includes the latest stable release of Apache Subversion, version 1.9.6. User-visible changes: Client-side bugfixes : - cp/mv: improve error message when target is an unversioned dir - merge: reduce memory usage with large amounts of mergeinfo issue 4667 Server-side bugfixes : -...

AI score 5.4
Exploits: 0 | References: 3
Tenable Nessus
added 2017/07/26 12:00 a.m. | views: 16

Fedora 26 : subversion (2017-704c201dbb)

This update includes the latest stable release of Apache Subversion, version 1.9.6. User-visible changes: Client-side bugfixes : - cp/mv: improve error message when target is an unversioned dir - merge: reduce memory usage with large amounts of mergeinfo issue 4667 Server-side bugfixes : -...

AI score 5.4
Exploits: 0 | References: 3
OSV
added 2017/07/25 2:29 p.m. | views: 1

DEBIAN-CVE-2016-7539

Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors...

CVSS 7.5 | AI score 8.8 | EPSS 0.02914
Exploits: 0 | References: 1
OSV
added 2017/07/20 4:29 p.m. | views: 2

CVE-2017-7063

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (memory consumption and application crash)...

CVSS 7.5 | AI score 7.3 | EPSS 0.02154
Exploits: 0 | References: 4
RedHat Linux
added 2017/07/20 4:16 p.m. | views: 5

OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)

It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory...

CVSS 5.3 | AI score 7.3 | EPSS 0.00732
Exploits: 0 | References: 4
RedHat Linux
added 2017/07/20 4:16 p.m. | views: 2

OpenJDK: insecure XML parsing in wsdlimport (JAX-WS, 8182054)

It was discovered that the wsdlimport tool in the JAX-WS component of OpenJDK did not use secure XML parser settings when parsing WSDL XML documents. A specially crafted WSDL document could cause wsdlimport to use an excessive amount of CPU and memory, open connections to other hosts, or leak...

CVSS 6.5 | AI score 7.3 | EPSS 0.00679
Exploits: 0 | References: 5
RedHat Linux
added 2017/07/20 3:59 p.m. | views: 4

OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)

It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory...

CVSS 5.3 | AI score 7.3 | EPSS 0.00732
Exploits: 0 | References: 4
Ivan 'd0znpp' Novikov
added 2017/06/20 4:10 a.m. | views: 26

My first working week with Opera Reborn

So, last Monday I changed my Chrome to the new Opera. It was an experiment to feel how is it “really” different from Chrome. I should mention before writing this post two important things about my background: 1. I was an Opera user since 2003 to 2010 and then moved to Chrome because of the many...

AI score 6.8
Exploits: 0
Citrix
added 2017/06/20 12:00 a.m. | views: 4

High memory usage UPM

There is high memory usage of process userProfileManager.exe on all servers after upgrading to UPM 5.7...

AI score 7.1
Exploits: 0
CVE
added 2017/06/07 6:00 p.m. | views: 105

CVE-2017-4903

CVE-2017-4903 corresponds to an uninitialized stack memory usage in SVGA affecting VMware products. Affected: ESXi 6.5 and older 6.x/5.5 builds listed as without patches (e.g., ESXi650-201703410-SG; ESXi600-201703401-SG; ESXi600-201703403-SG; ESXi600-201703402-SG; ESXi550-201703401-SG); Workstati...

CVSS 8.8 | AI score 8.6 | EPSS 0.00067
Exploits: 0 | References: 4 | Affected Software: 3