CVE-2016-9176

Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code...

The vulnerability of the Thunderbird email client, the Firefox browser, and the SeaMonkey software suite allows a perpetrator to cause a service failure or execute arbitrary code.

The vulnerability of the Thunderbird email client, the Firefox browser, and the SeaMonkey software suite is caused by a buffer overflow in the stack. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure memory corruption, application termination by...

NVIDIA Driver - Stack Buffer Overflow in Escape 0x10000e9 Exploit

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=947 The escape handler for 0x10000e9 lacks bounds checks, and passes a user specified size as the size to memcpy, resulting in a stack buffer overflow: bool...

SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2681-1)

This update for php53 fixes the following issues : - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf bsc1004924 - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf bsc1005274 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...

SUSE-SU-2016:2683-2 Security update for php7

This update for php7 fixes the following security issue: - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp bsc1001900 - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf bsc1004924 -...

Rumba FTP Client 4.x - Remote Stack Buffer Overflow (SEH)

Rumba FTP Client 4.x - Remote Stack Buffer Overflow SEH Exploit Title: Rumba FTP 4.x Client Stackoverflow SEH Date: 29-10-2016 Exploit Author: Umit Aksu Vendor Homepage: http://community.microfocus.com/microfocus/mainframesolutions/rumba/w/knowledgebase/28731.rumba-ftp-4-x-security-update.aspx...

NVIDIA Driver - Stack Buffer Overflow in Escape 0x10000e9

NVIDIA Driver - Stack Buffer Overflow in Escape 0x10000e9 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=947 The escape handler for 0x10000e9 lacks bounds checks, and passes a user specified size as the size to memcpy, resulting in a stack buffer overflow: bool...

NVIDIA Driver - Stack Buffer Overflow in Escape 0x7000014

NVIDIA Driver - Stack Buffer Overflow in Escape 0x7000014 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=946 There is a missing bounds check in inner loop of the escape handler for 0x7000014 that leads to a stack buffer overflow: ... for DWORD i = 0; numdata; ++i ... // size is...

NVIDIA Driver - Stack Buffer Overflow in Escape 0x7000014

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=946 There is a missing bounds check in inner loop of the escape handler for 0x7000014 that leads to a stack buffer overflow: ... for DWORD i = 0; numdata; ++i ... // size is user controlled. size = escape-datai.size; for DWORD j = ...

NVIDIA Driver - Stack Buffer Overflow in Escape 0x10000e9

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=947 The escape handler for 0x10000e9 lacks bounds checks, and passes a user specified size as the size to memcpy, resulting in a stack buffer overflow: bool escape10000e9NvMiniportDeviceContext a1, Escape10000e9 escape ... LOBYTEa9...

CVE-2016-8335

CVE-2016-8335 is an exploitable stack-based buffer overflow in Iceni Argus IPNameAdd(), triggered by unvalidated source strings copied via strcpy before length checks. Affects Iceni Argus 6.6.04 (Linux x64) and 6.6.04 (Windows x64). The vulnerability stems from a 255-byte destination buffer (dest...

SUSE-SU-2016:2670-1 Security update for gd

This update for gd fixes the following issues: - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf bsc1004924 - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf bsc1005274...

openSUSE: Security Advisory for php5 (openSUSE-SU-2016:2606-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : php5 (openSUSE-2016-1221)

This update for php5 fixes the following issu : - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf bsc1004924. - CVE-2016-7568: Integer overflow in the gdImageWebpCtx function in gdwebp.c libgd bsc1001900. - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf bsc1005274...

Debian DLA-665-1 : libgd2 security update

CVE-2016-6911 invalid read in gdImageCreateFromTiffPtr most of the code is not present in the Wheezy version CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf For Debian 7 'Wheezy', these problems have been fixed in version 2.0.36rc1dfsg-6.1+deb7u6. We recommend that you upgrade your libgd...

Stack-buffer-overflow in parsed_skip

Project: svn://vcs.exim.org/pcre2/code/trunk Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=4733278460313600 Fuzzer: libFuzzerpcre2fuzzer Job Type: libfuzzerasanpcre2 Platform Id: linux Crash Type: Stack-buffer-overflow READ 4 Crash Address: 0x7fa2a5af0ed0 Crash State:...

Internet Bug Bounty: Stack Buffer Overflow in GD dynamicGetbuf

Stack-based buffer over flow in GD dynamicGetbuf - Vulnerable function: imagecreatefromstring - Bug has been reported: https://bugs.php.net/bug.php?id=73280 - Submitted a patch and accepted: https://github.com/php/php-src/commit/cc08cbc84d46933c1e9e0149633f1ed5d19e45e9 - Impact: Remotely...

Internet Bug Bounty: stack-buffer-overflow through "ResourceBundle" methods

Upstream Bug --- https://bugs.php.net/bug.php?id=73218 Summary -- ResourceBundle::create and ResourceBundle::getLocales methods and their respective functions are vulnerables to stack buffer overflow when bundlename parameter length is equal or close to 0x7fffffff, due to a type confusion in...

Security update for php5 (important)

This update for php5 fixes the following security issues: CVE-2016-7411: Memory corruption when destructing deserialized object CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNEDFLAG in BIT field CVE-2016-7413: Use after free in wddxdeserialize CVE-2016-7414: Out of bounds heap...

[SECURITY] [DSA 3676-1] unadf security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3676-1 [email protected] https://www.debian.org/security/ Luciano Bello September 24, 2016 https://www.debian.org/security/faq -...