ImageMagick: PSD decoding heap overflow
Background ImageMagick is a collection of tools to read, write and manipulate images in many formats. Description Andrei Nigmatulin discovered that a Photoshop Document (PSD) file with more than 24 layers could trigger a heap overflow. Impact An attacker could potentially design a malicious PSD ima...
Squid: Multiple vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Squid contains a...
tnftp: Arbitrary file overwriting
Background tnftp is a NetBSD FTP client with several advanced features. Description The 'mget' function in cmds.c lacks validation of the filenames that are supplied by the server. Impact An attacker running an FTP server could supply clients with malicious filenames, potentially allowing the...
Exim: Two buffer overflows
Background Exim is a highly configurable message transfer agent (MTA) developed at the University of Cambridge. Description Buffer overflows have been found in the hostaton function (CAN-2005-0021) as well as in the spabase64tobits function (CAN-2005-0022), which is part of the SPA authentication code...
Konqueror: Java sandbox vulnerabilities
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Konqueror is the KDE web browser and file manager. Description Konqueror contains two errors that allow JavaScript scripts and Java applets to have access to restricted Java classes. Impact A...
KDE FTP KIOslave: Command injection
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KDE provided KIOslaves for many protocols in the kdelibs package, one of them being FTP. These are used by KDE applications such as Konqueror. Description The FTP KIOslave fails to properly...
HylaFAX: hfaxd unauthorized login vulnerability
Background HylaFAX is a software package for sending and receiving facsimile messages. Description The code used by hfaxd to match a given username and hostname with an entry in the hosts.hfaxd file is insufficiently protected against malicious entries. Impact If the HylaFAX installation uses a...
poppassd_pam: Unauthorized password changing
Background poppassd_pam is a PAM-enabled server for changing system passwords that can be used to change POP server passwords. Description Gentoo Linux developer Marcus Hanwell discovered that poppassd_pam did not check that the old password was valid before changing passwords. Our investigation...
imlib2: Buffer overflows in image decoding
Background imlib2 is an advanced replacement for image manipulation libraries such as libXpm. It is utilized by numerous programs, including gkrellm and several window managers, to display images. Description Pavel Kankovsky discovered that several buffer overflows found in the libXpm library see...
o3read: Buffer overflow during file conversion
Background o3read is a standalone converter for OpenOffice.org files. It allows a user to dump the contents tree (o3read) and convert to plain text (o3totxt) or to HTML (o3tohtml) Writer and Calc files. Description Wiktor Kopec discovered that the parsehtml function in o3read.c copies any number of byt...
KPdf, KOffice: More vulnerabilities in included Xpdf
Background KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an integrated office suite for KDE. Description KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to multiple new integer overflows, as described in GLSA 200412-24. Impact An...
TikiWiki: Arbitrary command execution
Background TikiWiki is a web-based groupware and content management system (CMS), using PHP, ADOdb and Smarty. Description TikiWiki lacks a check on uploaded images in the Wiki edit page. Impact A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...
mpg123: Buffer overflow
Background mpg123 is a real-time MPEG audio player. Description mpg123 improperly parses frame headers in input streams. Impact By inducing a user to play a malicious file, an attacker may be able to exploit a buffer overflow to execute arbitrary code with the permissions of the user running...
UnRTF: Buffer overflow
Background UnRTF is a utility to convert files in the Rich Text Format into other formats. Description An unchecked strcat in unrtf may overflow the bounds of a static buffer. Impact Using a specially crafted file, possibly delivered by e-mail or over the web, an attacker may execute arbitrary co...
pdftohtml: Vulnerabilities in included Xpdf
Background pdftohtml is a utility to convert PDF files to HTML or XML formats. It makes use of Xpdf code to decode PDF files. Description Xpdf is vulnerable to integer overflows, as described in GLSA 200412-24. Impact An attacker could entice a user to convert a specially-crafted PDF file,...
Dillo: Format string vulnerability
Background Dillo is a small and fast multi-platform web browser based on GTK+. Description Gentoo Linux developer Tavis Ormandy found a format string bug in Dillo's handling of messages in aInterfacemsg. Impact An attacker could craft a malicious web page which, when accessed using Dillo, would...
phpGroupWare: Various vulnerabilities
Background phpGroupWare is a web-based suite of group applications including a calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager. Description Several flaws were discovered in phpGroupWare making it vulnerable to cross-site scripting attacks, SQL injection, and full...
xine-lib: Multiple overflows
Background xine-lib is a multimedia library which can be utilized to create multimedia frontends. Description Ariel Berkman discovered that xine-lib reads specific input data into an array without checking the input size in demuxaiff.c, making it vulnerable to a buffer overflow CAN-2004-1300...
Vilistextum: Buffer overflow vulnerability
Background Vilistextum is an HTML to text converter. Description Ariel Berkman discovered that Vilistextum unsafely reads data into an array without checking the length. This code vulnerability may lead to a buffer overflow. Impact A remote attacker could craft a malicious webpage which, when...
xzgv: Multiple overflows
Background xzgv is a picture viewer for X, with a thumbnail-based file selector. Description Multiple overflows have been found in the image processing code of xzgv, including an integer overflow in the PRF parsing code (CAN-2004-0994). Impact An attacker could entice a user to open or browse a...
Shoutcast Server: Remote code execution
Background Shoutcast Server is Nullsoft's streaming audio server. It runs on a variety of platforms, including Linux, and is extremely popular with Internet broadcasters. Description Part of the Shoutcast Server Linux binary has been found to improperly handle sprintf parsing. Impact A malicious...
tiff: New overflows in image decoding
Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description infamous41md found a potential integer overflow in the directory entry count routines o...
Mozilla, Firefox, Thunderbird: Various vulnerabilities
Background Mozilla is a popular web browser that includes a mail and newsreader. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project. Description Maurycy Prodeus from isec.pl found a potentially exploitable buffer overflow ...
mit-krb5: Heap overflow in libkadm5srv
Background MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description The MIT Kerberos 5 administration library (libkadm5srv) contains a heap overflow in the code handling password changing. Impact Under specific...
a2ps: Multiple vulnerabilities
Background a2ps is an Any to Postscript filter that can convert to Postscript from many filetypes. fixps is a script that fixes errors in Postscript files. psmandup produces a Postscript file for printing in manual duplex mode. Description Javier Fernandez-Sanguino Pena discovered that the a2ps...
LinPopUp: Buffer overflow in message reply
Background LinPopUp is a graphical application that acts as a frontend to Samba client messaging functions, allowing a Linux desktop to communicate with a Microsoft Windows computer that runs Winpopup. Description Stephen Dranger discovered that LinPopUp contains a buffer overflow in string.c,...
PHProjekt: Remote code execution vulnerability
Background PHProjekt is a modular groupware web application used to coordinate group activities and share files. Description cYon discovered that the authform.inc.php script allows a remote user to define the global variable $pathpre. Impact A remote attacker can exploit this vulnerability to for...
CUPS: Multiple vulnerabilities
Background The Common UNIX Printing System CUPS is a cross-platform print spooler, hpgltops is a CUPS filter handling printing of HPGL files and lppasswd is a program used locally to manage spooler passwords. Description CUPS makes use of vulnerable Xpdf code to handle PDF files CAN-2004-1125...
Xpdf, GPdf: New integer overflows
Background Xpdf is an open source viewer for Portable Document Format (PDF) files. GPdf is a Gnome-based PDF viewer that includes some Xpdf code. Description A new integer overflow issue was discovered in Xpdf's Gfx::doImage function. Impact An attacker could entice a user to open a...
ViewCVS: Information leak and XSS vulnerabilities
Background ViewCVS is a browser interface for viewing CVS and Subversion version control repositories through a web browser. Description The tar export functions in ViewCVS bypass the 'hidecvsroot' and 'forbidden' settings and therefore expose information that should be kept secret CAN-2004-0915...
mpg123: Playlist buffer overflow
Background mpg123 is an MPEG Audio Player. Description Bartlomiej Sieka discovered that mpg123 contains an unsafe strcat to an array in playlist.c. This code vulnerability may lead to a buffer overflow. Impact A remote attacker could craft a malicious playlist which, when used, would result in the...
Zwiki: XSS vulnerability
Background Zwiki is a Zope wiki-clone for easy-to-edit collaborative websites. Description Due to improper input validation, Zwiki can be exploited to perform cross-site scripting attacks. Impact By enticing a user to read a specially-crafted wiki entry, an attacker can execute arbitrary script...
NASM: Buffer overflow vulnerability
Background NASM is an 80x86 assembler that has been created for portability and modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow extensions. It also supports a wide range of object formats (ELF, a.out, COFF, ...), and has its own disassembler. Description Jonathan Rockway discovered that...
MPlayer: Multiple overflows
Background MPlayer is a media player capable of handling multiple multimedia file formats. Description iDEFENSE, Ariel Berkman and the MPlayer development team found multiple vulnerabilities in MPlayer. These include potential heap overflows in Real RTSP and pnm streaming code, stack overflows in...
kdelibs, kdebase: Multiple vulnerabilities
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. The KDE core libraries (kdebase and kdelibs) provide native support for many protocols. Konqueror is the KDE web browser and filemanager. Description Daniel Fabian discovered that the KDE core...
PHP: Multiple vulnerabilities
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description Stefan Esser and Marcus Boerger reported several different issues in...
Ethereal: Multiple vulnerabilities
Background Ethereal is a feature-rich network protocol analyzer. Description There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.8, including: Bug in DICOM dissection discovered by Bing could make Ethereal crash (CAN-2004-1139). An invalid RTP timestamp could make Ethereal...
abcm2ps: Buffer overflow vulnerability
Background abcm2ps is a utility used to convert ABC music sheet files into PostScript format. Description Limin Wang has located a buffer overflow inside the putwords function in the abcm2ps code. Impact A remote attacker could convince the victim to download a specially-crafted ABC file. Upon...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description Nicolas Gregoire (exaprobe.com) has discovered two vulnerabilities that exist only on a webserver where PHP safemode is off. These vulnerabilities could lead to...
kfax: Multiple overflows in the included TIFF library
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. kfax (part of kdegraphics) is the KDE fax file viewer. Description Than Ngo discovered that kfax contains a private copy of the TIFF library and is therefore subject to several known...
Samba: Integer overflow
Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. Description Samba contains a bug when unmarshalling specific MS-RPC requests from clients. Impact A remote attacker may be able to execute...
Cscope: Insecure creation of temporary files
Background Cscope is a developer utility used to browse and manage source code. Description Cscope creates temporary files in world-writable directories with predictable names. Impact A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere...
Adobe Acrobat Reader: Buffer overflow vulnerability
Background Adobe Acrobat Reader is a utility used to view PDF files. Description A buffer overflow has been discovered in the email processing of Adobe Acrobat Reader. This flaw exists in the mailListIsPdf function, which checks if the input file is an email message containing a PDF file. Impact ...
ncpfs: Buffer overflow in ncplogin and ncpmap
Background ncpfs is an NCP protocol network filesystem that allows access to Netware services, for example to mount volumes of NetWare servers or print to NetWare print queues. Description Karol Wiesek discovered a buffer overflow in the handling of the '-T' option in the ncplogin and ncpmap...
Vim, gVim: Vulnerable options in modelines
Background Vim is an efficient, highly configurable improved version of the classic 'vi' text editor. gVim is the GUI version of Vim. Description Gentoo's Vim maintainer, Ciaran McCreesh, found several vulnerabilities related to the use of options in Vim modelines. Options like 'termcap',...
nfs-utils: Multiple remote vulnerabilities
Background nfs-utils is a package containing the client and daemon implementations for the NFS protocol. Description Arjan van de Ven has discovered a buffer overflow on 64-bit architectures in 'rquotaserver.c' of nfs-utils (CAN-2004-0946). A remotely exploitable flaw on all architectures also exis...
file: Arbitrary code execution
Background file is a utility used to identify the type of a file. Description A possible stack overflow has been found in the ELF header parsing code of file. Impact An attacker may be able to create a specially crafted ELF file which, when processed with file, may allow the execution of arbitrar...
PHProjekt: setup.php vulnerability
Background PHProjekt is a modular groupware web application used to coordinate group activities and share files. Description Martin Muench, from it.sec, found a flaw in the setup.php file. Impact Successful exploitation of the flaw allows a remote attacker without admin rights to make unauthorize...
Perl: Insecure temporary file creation
Background Perl is a stable, cross-platform programming language created by Larry Wall. Description Some Perl modules create temporary files in world-writable directories with predictable names. Impact A local attacker could create symbolic links in the temporary files directory, pointing to a...
mirrorselect: Insecure temporary file creation
Background mirrorselect is a tool to help select distfiles mirrors for Gentoo. Description Ervin Nemeth discovered that mirrorselect creates temporary files in world-writable directories with predictable names. Impact A local attacker could create symbolic links in the temporary files directory,...