SDL_image无效GIF文件LWZ Minimum Code Size远程缓冲区溢出漏洞

BUGTRAQ ID: 27417 SDLImage是用于处理图形文件的开源函数库。 SDLImage在处理畸形格式的图形文件时存在漏洞，远程攻击者可能利用此漏洞通过诱使用户处理恶意文件控制用户系统。 SDLImage库没有正确地处理Table Based Image Data头中带有无效LWZ Minimum Code Size的图形文件。标准允许代码的最大大小为12位，但SDLimage没有执行检查，因此可能触发缓冲区溢出。以下是IMGgif.c文件的ReadImage函数中的漏洞代码： ... unsigned char c; ... if LWZReadBytesrc, TRUE...

dhcpd stack-based buffer overlow

Stack-based buffer overflow in the consoptions function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service daemon crash via a DHCP request specifying a maximum...

security flaw

The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service crash via an ext2 stream with malformed data structures that triggers an error in the ext2checkpage due to a length that is smaller than the minimum...

CVE-2006-6054

The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service crash via an ext2 stream with malformed data structures that triggers an error in the ext2checkpage due to a length that is smaller than the minimum...

CVE-2005-3254

The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian...

CVS "history" command may disclose sensitive information

Overview A vulnerability exists in the history command of Concurrent Versions System CVS. If exploited, this vulnerability could disclose sensitive information about files and directories on an affected system to a remote, authenticated CVS user. Description Concurrent Versions System CVS is a...

ISC DHCPD NSUPDATE MiniRes Library Remote Buffer Overflow Vulnerabilities

Description Multiple buffer overflow vulnerabilities have been reported for the ISC DHCPD service. The vulnerability occurs when the DHCP server is configured to dynamically update records. The vulnerability exists in the library used by NSUPDATE to resolve hostnames. An attacker can exploit thes...

Snort 1.8.3 - ICMP Denial of Service

source: https://www.securityfocus.com/bid/3849/info Snort is a network intrusion detection system IDS. It is originally written for Linux and Unix systems, although it has also been ported to run under Microsoft Windows. Snort is capable of flexible and powerful content analysis of network traffi...

Host Integration Server 2004

Category for Host Integration Server 2004 release. It requires RTM as the minimum version...

.NET Framework minimum disk space check

This is to detect if there is some minimum space available for .NET product to install successfully...