30 matches found
libxml2: Multiple vulnerabilities
Background libxml2 is the XML eXtended Markup Language C parser and toolkit initially developed for the Gnome project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user...
GLSA-201710-10 : elfutils: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201710-10 elfutils: Multiple vulnerabilities Multiple vulnerabilities have been discovered in elfutils. Please review the referenced CVE identifiers for details. Impact : A remote attacker could possibly cause a Denial of Service...
WebKitGTK+: Multiple Vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, offers Webkit’s full functionality and is used on a wide range of systems. Description Multiple vulnerabilities have been discovered in WebkitGTK+. Please...
GNU Libtasn1: Multiple vulnerabilities
Background A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding functions. Description Multiple vulnerabilities have been discovered in...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, offers Webkit’s full functionality and is used on a wide range of systems. Description Multiple vulnerabilities have been discovered in WebkitGTK+. Please...
Kpathsea: User-assisted execution of arbitrary code
Background Kpathsea is a library to do path searching. It is used by TeX Live and others TeX related software. Description It was discovered that the mpost program from the shellescapecommands list is capable of executing arbitrary external programs during the conversion of .tex files. The...
GDK-PixBuf: Multiple vulnerabilities
Background GDK-PixBuf is an image loading library for GTK+. Description Multiple vulnerabilities have been discovered in GDK-PixBuf. Please review the referenced CVE identifiers for details. Impact A remote attacker, by sending a specially crafted TIFF, JPEG, or URL, could execute arbitrary code...
LittleCMS: Denial of service
Background LittleCMS, or short lcms, is a color management system for working with ICC profiles. It is used by many applications including GIMP and Firefox. Description Multiple stack-based buffer overflows and a profile parser error have been found in LittleCMS. Impact A remote attacker could...
libxml2: Denial of service
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled. Impact A context-dependent attacker could entice a user to a specially craft...
GLSA-201401-19 : GMime: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201401-19 GMime: Arbitrary code execution GMime contains a buffer overflow flaw in the GMIMEUUENCODELEN macro in gmime/gmime-encodings.h. Impact : A context-dependent attacker could possibly execute arbitrary code or cause a Denia...
GMime: Arbitrary code execution
Background GMime is a C/C++ library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension MIME. Description GMime contains a buffer overflow flaw in the GMIMEUUENCODELEN macro in gmime/gmime-encodings.h. Impact A context-dependent attacker could...
Libgdiplus: Arbitrary code execution
Background Libgdiplus is the Mono library that provide a GDI+ comptible API on non-Windows operating systems. Description An integer overflow flaw has been discovered in Libgdiplus. Impact A remote attacker could entice a user to open a specially-crafted TIFF/JPEG/BMP file, potentially resulting ...
GLSA-201312-14 : libsndfile: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201312-14 libsndfile: Arbitrary code execution An integer overflow flaw has been discovered in Libsndfile. Impact : A remote attacker could entice a user to open a specially crafted PAF file using libsndfile, possibly resulting in...
libsmi: Arbitrary code execution
Background libsmi is a library that allows management applications to access SMI MIB module definitions. Description libsmi contains a buffer overflow vulnerability in the smiGetNode function in lib/smi.c. Impact A context-dependent attacker could possibly execute arbitrary code by way of a...
libtheora: Arbitrary code execution
Background libtheora is the reference implementation of Theora, a free and open video compression format from the Xiph.org Foundation. Description An integer overflow flaw has been discovered in libtheora. Impact A remote attacker could execute arbitrary code or cause a Denial of Service conditio...
QtCore, QtGui: Multiple vulnerabilities
Background The Qt toolkit is a comprehensive C++ application development framework. Description Multiple vulnerabilities have been discovered in QtCore and QtGui. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially craft...
libjpeg-turbo: User-assisted execution of arbitrary code
Background libjpeg-turbo accelerates JPEG compression and decompression. Description A vulnerability in the getsos function in jdmarker.c could cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted JPEG file in an application linked against...
Libtasn1: Denial of service
Background Libtasn1 is a library used to parse ASN.1 Abstract Syntax Notation One objects, and perform DER Distinguished Encoding Rules decoding. Description Libtasn1 does not properly handle length fields when performing DER decoding. Impact A remote attacker could entice a user to open a...
GLSA-201209-06 : Expat: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201209-06 Expat: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially...
Gentoo Security Advisory GLSA 201206-15 (libpng)
The remote host is missing updates announced in advisory GLSA 201206-15. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...