Heap-Based Buffer Overflow

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly,...

Arbitrary Code Execution

LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash o...

Oracle: Security Advisory (ELSA-2012-0069)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 6 : rhev-hypervisor (RHSA-2015:1713)

Updated rhev-hypervisor packages that fix multiple security issues, several bugs, and add various enhancements are now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Important: Red Hat Security Advisory: rhev-hypervisor security, bug fix, and enhancement update

Updated rhev-hypervisor packages that fix multiple security issues, several bugs, and add various enhancements are now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

[oCERT-2015-009] VLC arbitrary pointer dereference

2015-009 VLC arbitrary pointer dereference Description: The VLC media player is an open source media player and streaming media server. The stable VLC version suffers from an arbitrary pointer dereference vulnerability. The vulnerability affects the 3GP file format parser, insufficient restrictio...

dcraw -- integer overflow condition

ocert reports: The dcraw tool, as well as several other projects re-using its code, suffers from an integer overflow condition which lead to a buffer overflow. The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpegstart function. A malicious...

RHEL 6 : rhevm-spice-client (RHSA-2015:0698) (POODLE)

Updated rhevm-spice-client packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Virtualization Manager 3. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System...

CentOS 6 / 7 : unzip (CESA-2015:0700)

Updated unzip packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Important: Red Hat Security Advisory: rhevm-spice-client security, bug fix, and enhancement update

Updated rhevm-spice-client packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Virtualization Manager 3. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System...

FreeBSD : e2fsprogs -- buffer overflow if s_first_meta_bg too big (0f488b7b-bbb9-11e4-903c-080027ef73ec)

Theodore Ts'o reports : If sfirstmetabg is greater than the of number block group descriptor blocks, then reading or writing the block group descriptors will end up overruning the memory buffer allocated for the descriptors. The finding is credited to a vulnerability report from Jose Duart of...

[oCERT-2015-002] e2fsprogs input sanitization errors

2015-002 e2fsprogs input sanitization errors Description: The e2fsprogs package is a set of open source utilities for ext2, ext3 and ext4 filesytems. The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information...

RHEL 6 : libvncserver (RHSA-2015:0113)

Updated libvncserver packages that fix two security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

CentOS 6 / 7 : jasper (CESA-2015:0074)

Updated jasper packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are availabl...

CentOS Update for jasper CESA-2015:0074 centos7

Check the version of jasper SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882103";...

jasper security update

CentOS Errata and Security Advisory CESA-2015:0074 Updated jasper packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores,...

[oCERT-2014-011] UnZip input sanitization errors

2014-011 UnZip input sanitization errors Description: The UnZip tool is an open source extraction utility for archives compressed in the zip format. The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the testcompreb and the getZip64Data functions...

oCERT Releases Advisory for Unpatched UnZip Vulnerability

The Open Source Computer Security Incident Response Team oCERT has released an advisory addressing vulnerabilities in all versions of UnZip. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system if a user opens a specially crafted zip file. US-CER...

CentOS 6 / 7 : jasper (CESA-2014:2021)

Updated jasper packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

[oCERT-2014-009] JasPer input sanitization errors

2014-009 JasPer input sanitization errors Description: The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by two heap-based buffer overflows which can lead to arbitrary code execution. The vulnerability is present in functions jpcdeccpsetfromcox a...