EUVD-2008-3949

Malware in sbrugna...

SUSE CVE-2008-3964

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service crash or have unspecified other impact via a PNG image with crafted zTXt chunks, related to 1 the pngpushreadzTXt function in pngread.c, and possibl...

Denial Of Service (DoS)

libpng is vulnerable to denial of service. The vulnerability exists due to an absolute path in the export script that crashes when reading multiple zTXT chunks...

USN-3194-1: OpenJDK 7 vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...

OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)

It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory...

Code injection

Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service crash or have unspecified other impact via a PNG image with crafted zTXt chunks, related to 1 the pngpushreadzTXt function in pngread.c, and possibl...