Security update for libvorbis (moderate)

This update for libvorbis fixes the following issues: Security issues fixed: - CVE-2018-10393: Fixed stack-based buffer over-read in barknoisehybridm bsc1091072. - CVE-2017-14160: Fixed out-of-bounds access inside barknoisehybridmp function bsc1059812. This update was imported from the...

Updated exempi package fixes security vulnerabilities

An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScriptMetaHandler::ParsePSFile function in PostScriptHandler.cpp CVE-2018-7729. An issue was discovered in Exempi through 2.4.4. WEBPSupport.cpp does not check whether a bitstream has a NULL value,...

SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:0809-1)

This update for clamav fixes the following issues: Security issues fixed : - CVE-2012-6706: VMSFDELTA filter inside the unrar implementation allows an arbitrary memory write bsc1045315. - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted C...

Amazon Linux AMI : clamav (ALAS-2018-976)

Heap-based buffer overflow in mspack/lzxd.c mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM file. CVE-2017-6419...

CVE-2018-7729

An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScriptMetaHandler::ParsePSFile function in XMPFiles/source/FileHandlers/PostScriptHandler.cpp...

CVE-2018-7729

CVE-2018-7729 affects Exempi up to version 2.4.4. A stack-based buffer over-read occurs in PostScript_MetaHandler::ParsePSFile() within XMPFiles/source/FileHandlers/PostScript_Handler.cpp. Public-advisory context indicates that exploitation could cause a remote host to hang/crash (DoS) and, per U...

ImageMagick 7.0.7.22 DoS Vulnerability - Mac OS X

ImageMagick is prone to a Denial of Service vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

CVE-2018-6930

A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service application crash via a maliciously crafted pict file...

CVE-2018-6930

A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service application crash via a maliciously crafted pict file...

CVE-2018-6930

A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service application crash via a maliciously crafted pict file...

CVE-2017-17788

In GIMP 2.8.22, there is a stack-based buffer over-read in xcfloadstream in app/xcf/xcf.c when there is no '\0' character after the version string...

Stack overflow

In GIMP 2.8.22, there is a stack-based buffer over-read in xcfloadstream in app/xcf/xcf.c when there is no '\0' character after the version string...

CVE-2017-17788

CVE-2017-17788 affects GIMP 2.8.22 with a stack-based buffer over-read in xcf_load_stream (app/xcf/xcf.c) when there is no '\0' after the version string. Connected advisories (Ubuntu USN-3539-1, SUSE SU-2020-0601-1, Red Hat/CVE bundles) confirm this issue among multiple GIMP vulnerabilities and r...

CVE-2017-17788

In GIMP 2.8.22, there is a stack-based buffer over-read in xcfloadstream in app/xcf/xcf.c when there is no '\0' character after the version string...

CVE-2017-15368

The wasmdis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service stack-based buffer over-read and application crash or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect rhexbin2str call...

Stack overflow

The wasmdis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service stack-based buffer over-read and application crash or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect rhexbin2str call...

CVE-2017-15368

CVE-2017-15368 affects radare2 2.0.0: the wasm_dis function (libr/asm/arch/wasm/wasm.c) is exploitable via a crafted WASM file and can cause a stack-based buffer over-read, leading to a denial of service (application crash) and potentially other impact due to an incorrect r_hex_bin2str call. Reme...

CVE-2017-14931

ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service stack-based buffer over-read and application crash via a crafted JPEG file...

CVE-2017-14931

The CVE-2017-14931 entry concerns OpenExif 2.1.4. The vulnerability resides in ExifImageFile::readDQT within ExifImageFileRead.cpp, allowing remote attackers to trigger a denial of service via a crafted JPEG, caused by a stack-based buffer over-read that crashes the application. The available rec...

CVE-2017-14931

ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service stack-based buffer over-read and application crash via a crafted JPEG file...