DEBIAN-CVE-2007-6277

Multiple buffer overflows in Free Lossless Audio Codec FLAC libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large 1 Metadata Block Size, 2 VORBIS Comment String Size, 3 Picture Metadata MIME-TYPE Size, 4 Picture Description Size, 5 Picture Data Length, 6...

Integer overflow

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the readpng function...

php multiple integer overflows in gd

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a large 1 srcW or 2 srcH value to the a gdImageCopyResized function, or a large 3 sy height or 4 sx width value to the b...

java-jre: GIF buffer overflow

Buffer overflow in Sun JDK and Java Runtime Environment JRE 5.0 Update 9 and earlier, SDK and JRE 1.4.212 and earlier, and SDK and JRE 1.3.118 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption...

Gimp PSD integer overflow

Integer overflow in the seektoandunpackpixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large 1 width or 2 height value...

CVE-2007-4988

Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow...

Mandrake Linux Security Advisory : gimp (MDKSA-2007:170)

Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in 1 DICOM, 2 PNM, 3 PSD, 4 PSP, 5 Sun RAS, 6 XBM, and 7 XWD files. CVE-2006-4519 Integer overflow in the seektoandunpackpixeldata...

DEBIAN-CVE-2007-2949

Integer overflow in the seektoandunpackpixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large 1 width or 2 height value...

Integer overflow

Integer overflow in the seektoandunpackpixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large 1 width or 2 height value...

CVE-2007-2949

Integer overflow in the seektoandunpackpixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large 1 width or 2 height value...

DEBIAN-CVE-2007-3113

Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service CPU consumption via a large value of the 1 graphheight or 2 graphwidth parameter, different vectors than CVE-2007-3112...

Buffer overflow

Multiple buffer overflows in HT Editor before 2.0.6 might allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the editor display width. NOTE: some of the details were obtained from third party information...

GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass Vulnerability

GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass Vulnerability Date & Version : 04/14/2007 - 1.0 Description : Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. This may allow malicious content to bypass HTTP content...

Multiple applications Unicode Full Width / Half Width characters protection bypass

Client application may support translation of Halfwidth/Fullwidth Unicode characters unicode FF00 - FFEE, while content filter doesn't...

java-jre: GIF buffer overflow

Buffer overflow in Sun JDK and Java Runtime Environment JRE 5.0 Update 9 and earlier, SDK and JRE 1.4.212 and earlier, and SDK and JRE 1.3.118 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption...

CVE-2007-1946

Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp...

Re: [Full-disclosure] firefox 2.0.0.2 crash

On Fri, 09 Mar 2007 20:31:40 +0200, =?ISO-8859-1?Q?T=F5nu?= Samuel said: http://people.zoy.org/sam/firefox-crash-save-session-before-clicking.gif Cute. The 16-bit height and width fields in the GIF are: 0x0048 = decimal 72 0x8004 = decimal whoops. ;...

java-jre: GIF buffer overflow

Buffer overflow in Sun JDK and Java Runtime Environment JRE 5.0 Update 9 and earlier, SDK and JRE 1.4.212 and earlier, and SDK and JRE 1.3.118 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption...

Sun Java memory corruption

Memory corruption on GIF files parsing with 0 width block. Can be used for hidden malware installation...

Sun Microsystems Java - .GIF File Parsing Memory Corruption

Sun Microsystems Java - .GIF File Parsing Memory Corruption / FileName: JvmGifVulPoc.java Date: 2007-01-21 Description: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit Environment: Only successfully tested on Sun Jre 1.5 Author: luoluo Contact:...