276 matches found
Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : fastjar vulnerability (USN-953-1)
Dan Rosenberg discovered that fastjar incorrectly handled file paths containing '..' when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted jar file, arbitrary files could be overwritten with user privileges. Note that Tenable Network Security ha...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : dpkg vulnerability (USN-909-1)
William Grant discovered that dpkg-source did not safely apply diffs when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of...
Integer overflow
Integer overflow in the JAR unpacking utility unpack200 in the unpack library unpack.dll in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JA...
CVE-2008-5352
Integer overflow in the JAR unpacking utility unpack200 in the unpack library unpack.dll in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JA...
[Full-disclosure] [ GLSA 200801-01 ] unp: Arbitrary command execution
Gentoo Linux Security Advisory GLSA 200801-01 - http://security.gentoo.org/ - Severity:...
Ubuntu 5.10 / 6.06 LTS / 6.10 : tar vulnerability (USN-385-1)
Teemu Salmela discovered that tar still handled the deprecated GNUTYPE_NAMES record type. This record type could be used to create symlinks that would be followed while unpacking a tar archive. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary fil...
Marshal MailMarshal TAR Unpacking Vulnerability
Marshal MailMarshal TAR Unpacking Vulnerability. Overview: Vendor: Marshal www.marshal.com. Product: MailMarshal = 6.2.1.3253. Vulnerability: Remote file overwrite, Remote execution. Risk: HIGH. Description: During a security audit for a customer we have discovered a serios...
USN-506-1: tar vulnerability
Dmitry V. Levin discovered that tar did not correctly detect the ".." file path element when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges...
Kaspersky Antivirus DoS
Infinite loop on unpacking UPX-packed executable file...
GLSA-200607-13 : Audacious: Multiple heap and buffer overflows
The remote host is affected by the vulnerability described in GLSA-200607-13 Audacious: Multiple heap and buffer overflows Luigi Auriemma has found that the adplug library fails to verify the size of the destination buffers in the unpacking instructions, resulting in various possible heap and...
Audacious: Multiple heap and buffer overflows
Background Audacious is a media player that has been forked from Beep Media Player. Description Luigi Auriemma has found that the adplug library fails to verify the size of the destination buffers in the unpacking instructions, resulting in various possible heap and buffer overflows. Impact An...
ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability
ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-013.html May 8, 2006 -- CVE ID: CVE-2006-0994 -- Affected Vendor: Sophos Plc. -- Affected Products: Sophos Anti-Virus for Windows, Mac OS, Unix, Linux, NetWare, OS/2, OpenVM...
Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos AntiVirus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the unpacking of Microsoft Cabinet files that contain invalid folder count values...
Clam AntiVirus UPX Unpacking Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable Clam AntiVirus installations. Authentication is not required to exploit this vulnerability. This specific flaw exists within libclamav/upx.c during the unpacking of executable files compressed with UPX. Due to an...
7a69Adv#21 - WinRAR unpack one-folder path disclosure
7a69ezine Advisories 7a69Adv21 - http://www.7a69ezine.org 02/02/2005 - Title: WinRAR unpack...
Microsoft Internet Explorer PNG integer overflow
Integer overflow during PNG deflate unpacking...