126 matches found
Google PDFium JBIG2 image ComposeToOpt2WithRect information disclosure vulnerability
Summary An exploitable out-of-bounds read on the heap vulnerability exists in the JBIG2 parsing code of Google Chrome version 67.0.3396.99. A specially crafted PDF document can trigger an out-of-bounds read, which can possibly lead to an information leak that could be used as part of an exploit. ...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. This includes the alternate chains certificate forgery vulnerability CVE-2015-1793. OpenSSL is used by the Progress Software DataDirect Connect ODBC drivers which are shipped as a component of IBM InfoSphere Information Server...
CVE-2018-3846
In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution...
Security update for clamav (important)
This update for clamav fixes the following issues: Security issues fixed: - CVE-2012-6706: VMSFDELTA filter inside the unrar implementation allows an arbitrary memory write bsc1045315. - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CH...
SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:0809-1)
This update for clamav fixes the following issues: Security issues fixed : - CVE-2012-6706: VMSFDELTA filter inside the unrar implementation allows an arbitrary memory write bsc1045315. - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted C...
Fedora 27 : clamav (2018-602b5345fa)
Update to 0.99.4 0.99.4 addresses a few outstanding vulnerability bugs. It includes fixes for : - CVE-2012-6706 - CVE-2017-6419 - CVE-2017-11423 - CVE-2018-1000085 There are also a few bug fixes that were not assigned CVEs, but were important enough to address while we had the chance. One of thes...
CVE-2017-15094
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or...
Asterisk pjproject Header DoS Vulnerability
Asterisk is prone to a buffer overflow vulnerability which leads to a denial of service. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord Memory Corruption Vulnerability(CVE-2016-3591)
Description Partially controlled memory write vulnerability exists in Mac Works Database file format parsing code of Oracle Outside In Technology Content Access SDK. An unchecked pointer arithmetic causes an out of bounds memory write which can lead to denial of service or possibly code execution...
Updated openvpn packages fix security vulnerabilities
It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were known CVE-2017-7508. Some parts of the...
CVE-2017-11145
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelibmeridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c out-of-bounds reads affecting the...
CVE-2017-11145
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelibmeridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c out-of-bounds reads affecting the...
Out-of-bounds
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelibmeridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c out-of-bounds reads affecting the...
CVE-2017-2784
CVE-2017-2784 affects ARM mbed TLS. A crafted X.509 certificate can trigger an invalid free of a stack pointer during parsing, potentially enabling remote code execution. Affected versions: mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. Impact includes remote code execution or ...
Design/Logic Flaw
The unformat24bitcolor function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service heap corruption and crash via an incomplete 24bit color code...
CVE-2016-7045
The formatsendtogui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service heap corruption and crash via vectors involving the length of a string...
CVE-2016-7044
The CVE-2016-7044 issue affects Irssi prior to 0.8.20 where the unformat_24bit_color function in the format parsing code, when compiled with true-color enabled, can be triggered by an incomplete 24bit color code to cause heap corruption and a remote denial of service. The public material ties thi...
CVE-2016-7044
The unformat24bitcolor function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service heap corruption and crash via an incomplete 24bit color code...
CVE-2016-7045
The formatsendtogui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service heap corruption and crash via vectors involving the length of a string...
Debian DSA-3672-1 : irssi - security update
Gabriel Campana and Adrien Guinet from Quarkslab discovered two remotely exploitable crash and heap corruption vulnerabilities in the format parsing code in Irssi, a terminal based IRC client. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...