2551 matches found
CVE-2017-7599
CVE-2017-7599 affects LibTIFF up to version 4.0.7, where a crafted TIFF file can trigger undefined behavior (via putagreytile/related paths) and cause a denial of service (application crash). Public advisories and vendor posts indicate this class of issues covered multiple CVEs in LibTIFF and wer...
CVE-2017-7597
tifdirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...
CVE-2017-7596
LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...
CVE-2017-7592
The putagreytile function in tifgetimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...
UBUNTU-CVE-2017-7596
LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...
UBUNTU-CVE-2017-7599
LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...
UBUNTU-CVE-2017-7592
The putagreytile function in tifgetimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...
UBUNTU-CVE-2017-7601
LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...
Fedora 24 : libpng10 (2016-1a7e14d084)
This update fixes an old NULL pointer dereference bug in pngsettext2 discovered and patched by Patrick Keshishian CVE-2016-10087. The potential 'NULL dereference' bug has existed in libpng since version 0.71 of June 26, 1995. To be vulnerable, an application has to load a text chunk into the png...
CVE-2015-8931
Multiple integer overflows in the 1 gettimetmax and 2 gettimetmin functions in archivereadsupportformatmtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior...
CVE-2015-8931
Multiple integer overflows in the 1 gettimetmax and 2 gettimetmin functions in archivereadsupportformatmtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior...
Integer overflow
Multiple integer overflows in the 1 gettimetmax and 2 gettimetmin functions in archivereadsupportformatmtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior...
CVE-2015-8931
Multiple integer overflows in the 1 gettimetmax and 2 gettimetmin functions in archivereadsupportformatmtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior...
CVE-2015-8931
Multiple integer overflows in the 1 gettimetmax and 2 gettimetmin functions in archivereadsupportformatmtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior...
bsdcpio, bsdtar, libarchive security update
CentOS Errata and Security Advisory CESA-2016:1844 An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
libarchive security update
CentOS Errata and Security Advisory CESA-2016:1850 An update for libarchive is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Scientific Linux Security Update : libarchive on SL6.x i386/x86_64 (20160912)
Security Fixes : - A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive...
libarchive: Undefined behavior / invalid shiftleft in TAR parser
Undefined behavior invalid left shift was discovered in libarchive, in how Compress streams are identified. This could cause certain files to be mistakenly identified as Compress archives and fail to read...
Important: Red Hat Security Advisory: libarchive security update
An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
libarchive: Undefined behavior / invalid shiftleft in TAR parser
Undefined behavior invalid left shift was discovered in libarchive, in how Compress streams are identified. This could cause certain files to be mistakenly identified as Compress archives and fail to read...