6689 matches found

OSV
added 2017/03/15 2:59 p.m. | 0 views

DEBIAN-CVE-2017-6209

Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to parsing...

CVSS 6.5 | AI score 6.2 | EPSS 0.00065
Exploits: 0 | References: 1
OSV
added 2017/03/15 2:59 p.m. | 1 views

DEBIAN-CVE-2017-6435

The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file...

CVSS 5 | AI score 6.3 | EPSS 0.00105
Exploits: 1 | References: 1
Snyk
added 2017/03/15 2:59 p.m. | 2 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write. Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code execution via a crafted...

CVSS 7.3 | AI score 7.6 | EPSS 0.00086
Exploits: 1 | References: 2
Snyk
added 2017/03/15 2:59 p.m. | 1 views

Resource Management Errors

Overview: Affected versions of this package are vulnerable to Resource Management Errors. The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. Remediation: There is no fixed versi...

CVSS 5 | AI score 6.4 | EPSS 0.00076
Exploits: 1 | References: 2
Debian CVE
added 2017/03/15 2:0 p.m. | 13 views

CVE-2017-6440

The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file...

CVSS 5 | AI score 6.5 | EPSS 0.0007
Exploits: 1
CNVD
added 2017/03/10 12:0 a.m. | 1 views

GNU Wget CRLF Injection Vulnerability (CNVD-2017-03817)

GNU Wget is a set of free software developed by the GNU Project for downloading over the Internet, which supports downloading over the three most common TCP/IP protocols: HTTP, HTTPS, and FTP. A CRLF injection vulnerability exists in the 'url_parse' function of the url.c file in GNU Wget 1.19.1 an...

CVSS 6.1 | AI score 8.8 | EPSS 0.00198
Exploits: 1 | References: 1
OSV
added 2017/03/07 8:59 a.m. | 0 views

DEBIAN-CVE-2017-6508

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL...

CVSS 6.1 | AI score 8.6 | EPSS 0.00198
Exploits: 1 | References: 1
OSV
added 2017/03/07 12:0 a.m. | 1 views

UBUNTU-CVE-2017-6508

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL...

CVSS 6.1 | AI score 6.9 | EPSS 0.00198
Exploits: 1 | References: 6
OSV
added 2017/03/06 6:59 a.m. | 1 views

ALPINE-CVE-2016-10244

The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file...

CVSS 7.8 | AI score 7.6 | EPSS 0.00334
Exploits: 1 | References: 1
OSV
added 2017/03/06 12:0 a.m. | 0 views

UBUNTU-CVE-2016-10244

The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file...

CVSS 7.8 | AI score 7.4 | EPSS 0.00334
Exploits: 1 | References: 5
OSV
added 2017/03/03 3:59 p.m. | 3 views

AZL-36954 CVE-2017-5834 affecting package libplist 2.7.0-1

The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file...

CVSS 5.5 | AI score 6.8 | EPSS 0.00321
Exploits: 0 | References: 1
OSV
added 2017/03/03 3:59 p.m. | 3 views

AZL-7267 CVE-2017-5834 affecting package libplist 2.1.0-4

The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file...

CVSS 5.5 | AI score 6.8 | EPSS 0.00321
Exploits: 0 | References: 1
AlpineLinux
added 2017/03/03 3:0 p.m. | 2 views

CVE-2017-5834

The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file...

CVSS 5.5 | AI score 6.8 | EPSS 0.00321
Exploits: 0 | References: 5
CNVD
added 2017/03/03 12:0 a.m. | 1 views

Rapid7 Metasploit Directory Traversal Vulnerability

Metasploit Pro is a guided penetration testing platform. A directory traversal vulnerability exists in the Meterpreter extapi Clipboard.parse_dump function in versions prior to Rapid7 Metasploit 4.13.0-2017020701. An attacker can exploit the vulnerability to write arbitrary files on the Metasploit...

CVSS 7.1 | AI score 7 | EPSS 0.00299
Exploits: 0 | References: 1
OSV
added 2017/03/02 8:59 p.m. | 2 views

CVE-2017-5229

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console...

CVSS 7.1 | AI score 5.9
Exploits: 0 | References: 2
CNVD
added 2017/03/02 12:0 a.m. | 2 views

radare2 denial of service vulnerability (CNVD-2017-02721)

radare2 is an open source reverse engineering platform. A denial of service vulnerability in the dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 version 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file...

CVSS 7.8 | AI score 6.7 | EPSS 0.00292
Exploits: 0 | References: 1
OSV
added 2017/02/24 4:59 a.m. | 0 views

UBUNTU-CVE-2017-6309

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file function. These might lead to invalid read and write operations, controlled by an attacker...

CVSS 7.8 | AI score 7.1 | EPSS 0.00443
Exploits: 0 | References: 5
UbuntuCve
added 2017/02/24 4:59 a.m. | 20 views

CVE-2017-6309

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file function. These might lead to invalid read and write operations, controlled by an attacker...

CVSS 7.8 | AI score 7.1 | EPSS 0.00443
Exploits: 0 | References: 4
CNVD
added 2017/02/24 12:0 a.m. | 2 views

tnef 'parse_file()' function denial of service vulnerability

tnef is a set of programs for decompressing MIME attachments. A security vulnerability in the tnef 'parse_file' function allows an attacker to exploit the vulnerability to submit a special file for a denial-of-service attack that could crash the application...

CVSS 7.8 | AI score 6.8 | EPSS 0.00443
Exploits: 0 | References: 1
OSV
added 2017/02/17 2:59 a.m. | 0 views

UBUNTU-CVE-2016-9831

Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file...

CVSS 7.8 | AI score 7.4 | EPSS 0.0021
Exploits: 1 | References: 5