
2204 matches found

Talos
added 2016/10/25 12:00 a.m. | 49 views

LibTIFF Tag Extension Remote Code Execution Vulnerability

Summary An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered t...

CVSS 8.1 | EPSS 0.06223
Exploits: 2
Talos
added 2016/10/18 12:00 a.m. | 83 views

Hopper Disassembler ELF Section Header Size Code Execution Vulnerability

Summary An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper App. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with...

CVSS 7.8 | AI score 0.5 | EPSS 0.00194
Exploits: 1
Talos
added 2016/10/18 12:00 a.m. | 32 views

Foxit PDF Reader JBIG2 Parser Information Disclosure Vulnerability

Summary A large out of bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR. Tested Versions Foxit Software Foxit Reader 8.0.2.805 Produc...

CVSS 6.8 | AI score 5.1 | EPSS 0.13461
Exploits: 1
Talos
added 2016/10/03 12:00 a.m. | 56 views

FreeImage Library XMP Image Handling Code Execution Vulnerability

Summary An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this...

CVSS 7.8 | AI score 7.7 | EPSS 0.00496
Exploits: 1
Talos
added 2016/09/30 12:00 a.m. | 466 views

Redis CONFIG SET client-output-buffer-limit command Code Execution Vulnerability

Summary An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution. Tested Versions...

CVSS 9.8 | AI score 0.3 | EPSS 0.02487
Exploits: 2
Talos
added 2016/09/29 12:00 a.m. | 57 views

OpenJPEG JPEG2000 mcc record Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful...

CVSS 7.8 | AI score 8.4 | EPSS 0.01168
Exploits: 2
Talos
added 2016/09/13 12:00 a.m. | 151 views

Microsoft Windows10 AHCACHE.SYS Remote Denial Of Service

Summary A denial of service vulnerability exists in the AHCACHE.SYS driver. A specially crafted Portable Executable file can cause a bugcheck in the Windows kernel resulting in remote denial of service. Tested Versions Windows 10, AHCACHE.SYS version 10.0.10586.0 Tested on Windows 10 X86 Product...

CVSS 7.8 | AI score 6.7 | EPSS 0.18807
Exploits: 1
Talos
added 2016/09/05 12:00 a.m. | 37 views

Kaspersky Anti-Virus Unhandled Windows Messages Denial of Service Vulnerability

Summary A local denial of service vulnerability exists in the window broadcast message handling functionality of Kaspersky Anti-Virus software. By sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass the KAV self-protection mechanism. Tested...

CVSS 5.5 | AI score 5.5 | EPSS 0.00053
Exploits: 2
Talos
added 2016/08/26 12:00 a.m. | 36 views

Kaspersky Internet Security KLDISK Driver Multiple Kernel Memory Disclosure Vulnerabilities

Summary Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out of bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory...

CVSS 5.5 | AI score 5.5 | EPSS 0.00097
Exploits: 2
Talos
added 2016/08/26 12:00 a.m. | 50 views

Kaspersky Internet Security KLIF Driver NtAdjustTokenPrivileges_HANDLER Denial of Service

Summary A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call can cause an access violation in the KLIF kernel driver resulting in local denial of service. An attacker can run program from user mo...

CVSS 5.5 | AI score 5.4 | EPSS 0.00064
Exploits: 2
Talos
added 2016/08/26 12:00 a.m. | 36 views

Kaspersky Internet Security KLIF Driver NtUserCreateWindowEx_HANDLER Denial of Service

Summary A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call request can cause an access violation exception in the KLIF kernel driver resulting in local denial of service. An attacker can ru...

CVSS 5.5 | AI score 5.3 | EPSS 0.00064
Exploits: 2
Talos
added 2016/08/26 12:00 a.m. | 37 views

Kaspersky Internet Security KL1 Driver Signal Handler Denial of Service

Summary A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program from user...

CVSS 5.5 | AI score 5.4 | EPSS 0.00075
Exploits: 2
Talos
added 2016/08/11 12:00 a.m. | 221 views

AB Rockwell Automation MicroLogix 1400 Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0184 AB Rockwell Automation MicroLogix 1400 Code Execution Vulnerability August 11, 2016 CVE Number CVE-2016-5645 Description An exploitable Use of Hard-coded Credentials Undocumented Community String vulnerability exists in the SNMP functionality of...

CVSS 7.5 | AI score 7.4 | EPSS 0.24694
Exploits: 1
Talos
added 2016/08/09 12:00 a.m. | 45 views

Microsoft Windows PDF API Jpeg2000 csiz Remote Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0170 Microsoft Windows PDF API Jpeg2000 csiz Remote Code Execution Vulnerability August 9, 2016 CVE Number CVE-2016-3319 Description An exploitable out of bounds write vulnerability exists in the PDF parsing API in the latest versions of Microsoft Windows. A...

CVSS 9.3 | AI score 7.6 | EPSS 0.37191
Exploits: 1
Talos
added 2016/08/06 12:00 a.m. | 32 views

LexMark Perceptive Document Filters XLS Convert Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0172 LexMark Perceptive Document Filters XLS Convert Code Execution Vulnerability August 6, 2016 CVE Number CVE-2016-4335 Description An exploitable buffer overflow exists in the XLS parsing of the Perspective Document Filters conversion functionality. A...

CVSS 8.4 | AI score 0.2 | EPSS 0.03467
Exploits: 2
Talos
added 2016/08/06 12:00 a.m. | 36 views

LexMark Perceptive Document Filters Bzip2 Convert Out of Bounds Write Vulnerability

Talos Vulnerability Report TALOS-2016-0173 LexMark Perceptive Document Filters Bzip2 Convert Out of Bounds Write Vulnerability August 6, 2016 CVE Number CVE-2016-4336 Description An exploitable out of bounds write exists in the Bzip2 parsing of the Perspective Document Filters conversion...

CVSS 9.8 | EPSS 0.01183
Exploits: 2
Talos
added 2016/08/06 12:00 a.m. | 34 views

Lexmark Perceptive Document Filters CBFF Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0185 Lexmark Perceptive Document Filters CBFF Code Execution Vulnerability August 6, 2016 CVE Number CVE-2016-5646 Description An exploitable heap overflow vulnerability exists in the Compound Binary File Format CBFF parser functionality of Lexmark Perceptive...

CVSS 7.8 | AI score 0.1 | EPSS 0.0077
Exploits: 2
Talos
added 2016/08/04 12:00 a.m. | 39 views

Hancom Hangul HCell Workbook Table and Pivot Style Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0148 Hancom Hangul HCell Workbook Table and Pivot Style Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4293 Description This vulnerability was discovered within the Hangul Hcell application which is part of the Hangul Office Suite. Hangul...

CVSS 7.8 | AI score 7.8 | EPSS 0.01119
Exploits: 2
Talos
added 2016/08/04 12:00 a.m. | 27 views

BlueStacks App Player Privilege Escalation Vulnerability

Talos Vulnerability Report TALOS-2016-0124 BlueStacks App Player Privilege Escalation Vulnerability August 4, 2016 CVE Number CVE-2016-4288 Description A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak...

CVSS 8.4 | AI score 1.4 | EPSS 0.00054
Exploits: 1
Talos
added 2016/08/04 12:00 a.m. | 42 views

Hancom Hangul Office HShow!NXDeleteLineObj+0x47269 Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0147 Hancom Hangul Office HShow!NXDeleteLineObj+0x47269 Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4292 Description This vulnerability was discovered within the Hangul HShow application which is part of the Hangul Office Suite. Hangul...

CVSS 7.8 | AI score 7.9 | EPSS 0.00429
Exploits: 2
Talos
added 2016/08/04 12:00 a.m. | 31 views

Hancom Hangul Office HShow!NXDeleteLineObj+0x53692 Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0146 Hancom Hangul Office HShow!NXDeleteLineObj+0x53692 Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4291 Description This vulnerability was discovered within the Hangul HShow application which is part of the Hangul Office Suite. Hangul...

CVSS 7.8 | AI score 0.2 | EPSS 0.00429
Exploits: 2
Talos
added 2016/08/04 12:00 a.m. | 47 views

Hancom Hangul Office HShow!NXDeleteLineObj+0x560cb Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0144 Hancom Hangul Office HShow!NXDeleteLineObj+0x560cb Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4298 Description This vulnerability was discovered within the Hangul HShow application which is part of the Hangul Office Suite. Hangul...

CVSS 7.8 | EPSS 0.00527
Exploits: 2
Talos
added 2016/08/04 12:00 a.m. | 42 views

Hancom Hangul Office HShow!NXDeleteLineObj+0x6960c Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0145 Hancom Hangul Office HShow!NXDeleteLineObj+0x6960c Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4290 Description This vulnerability was discovered within the Hangul HShow application which is part of the Hangul Office Suite. Hangul...

CVSS 7.8 | AI score 7.9 | EPSS 0.00429
Exploits: 2
Talos
added 2016/08/04 12:00 a.m. | 44 views

Hancom Hangul HCell HncChart CFormulaTokenSizeModifier Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0150 Hancom Hangul HCell HncChart CFormulaTokenSizeModifier Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4295 Description This vulnerability was discovered within the Hangul Hcell application which is part of the Hangul Office Suite. Hangul...

CVSS 7.8 | AI score 0.1 | EPSS 0.00429
Exploits: 2
Talos
added 2016/08/04 12:00 a.m. | 30 views

Hancom Hangul HCell OfficeArt Record pConnectionSites and pVertices Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0149 Hancom Hangul HCell OfficeArt Record pConnectionSites and pVertices Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4294 Description This vulnerability was discovered within the Hangul Hcell application which is part of the Hangul Office...

CVSS 7.8 | AI score 7.8 | EPSS 0.00817
Exploits: 2
Talos
added 2016/08/04 12:00 a.m. | 45 views

Hancom Hangul HCell CSSValFormat::CheckUnderbar Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0151 Hancom Hangul HCell CSSValFormat::CheckUnderbar Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4296 Description This vulnerability was discovered within the Hangul Hcell application which is part of the Hangul Office Suite. Hangul Office...

CVSS 7.8 | AI score 7.8 | EPSS 0.00527
Exploits: 2
Talos
added 2016/07/21 12:00 a.m. | 46 views

OpenOffice Impress MetaActions Arbitrary Read Write Vulnerability

Talos Vulnerability Report TALOS-2016-0051 OpenOffice Impress MetaActions Arbitrary Read Write Vulnerability July 21, 2016 CVE Number CVE-2016-1513 Description An exploitable out-of-bounds vulnerability exists in OpenOffice when handling MetaActions. A specially crafted Open Office Impress file c...

CVSS 7.8 | AI score 0.2 | EPSS 0.01117
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 26 views

Oracle OIT IX SDK libvs_pdf Tj Operator Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0098 Oracle OIT IX SDK libvspdf Tj Operator Denial of Service Vulnerability July 19, 2016 CVE Number CVE-2016-3576 DESCRIPTION When parsing a specially crafted PDF document, a NULL pointer dereference leading to a process termination. A pointer value from a...

CVSS 9 | AI score 1.1 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 32 views

Oracle OIT IX SDK libvs_pdf Xref Offset Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0102 Oracle OIT IX SDK libvspdf Xref Offset Denial of Service Vulnerability July 19, 2016 CVE Number CVE-2016-3580 Description A vulnerability in PDF parser of the IX SDK exists that results in out of bounds heap memory access following an unchecked memory...

CVSS 9 | AI score 8.5 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 42 views

Oracle OIT IX SDK libvs_pdf arbitrary pointer access

Talos Vulnerability Report TALOS-2016-0101 Oracle OIT IX SDK libvspdf arbitrary pointer access July 19, 2016 CVE Number CVE-2016-3579 Description When parsing a specially crafted PDF document, a value derived from a file is used as a memory pointer leading to a process crash. Tested Versions...

CVSS 9 | AI score 8.3 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 30 views

Oracle OIT ContentAccess libvs_mwkd VwStreamSection Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0159 Oracle OIT ContentAccess libvsmwkd VwStreamSection Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3593 Description A partially controlled memory corruption vulnerability exists in Mac Works Database file format parsing code of Oracle...

CVSS 9 | AI score 8.6 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 31 views

Oracle OIT ContentAccess libvs_word+63AC Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0158 Oracle OIT ContentAccess libvsword+63AC Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3592 Description Partially controlled memory write vulnerability exists in Mac Word file format parsing code of Oracle Outside In Technology Content...

CVSS 9 | AI score 8.6 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 39 views

Oracle OIT ContentAccess libvs_word Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0156 Oracle OIT ContentAccess libvsword Denial of Service Vulnerability July 19, 2016 CVE Number CVE-2016-3590 Description A partially controlled memory write vulnerability exists in Mac Word file format of Oracle Outside In Technology Content Access SDK. An...

CVSS 9 | AI score 8.5 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 43 views

Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord Memory Corruption Vulnerability

Talos Vulnerability Report TALOS-2016-0157 Oracle OIT ContentAccess libvsmwkd VwStreamReadRecord Memory Corruption Vulnerability July 19, 2016 CVE Number CVE-2016-3591 Description Partially controlled memory write vulnerability exists in Mac Works Database file format parsing code of Oracle Outsi...

CVSS 9 | AI score 8.4 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 40 views

Oracle OIT IX SDK TIFF ExtraSamples Code Execution Vulnerabiity

Talos Vulnerability Report TALOS-2016-0103 Oracle OIT IX SDK TIFF ExtraSamples Code Execution Vulnerabiity July 19, 2016 CVE Number CVE-2016-3581 Description While parsing a specially crafted TIFF file, a parser confusion can lead to a heap buffer overflow resulting in out of bounds memory...

CVSS 9 | AI score 9.2 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 29 views

Oracle OIT IX SDK libvs_pdf Size Integer Overflow Vulnerability

Talos Vulnerability Report TALOS-2016-0097 Oracle OIT IX SDK libvspdf Size Integer Overflow Vulnerability July 19, 2016 CVE Number CVE-2016-3575 DESCRIPTION An integer overflow leading to two distinct issues can be triggered by a specially crafted PDF file. TESTED VERSIONS Oracle Outside In IX sd...

CVSS 9 | AI score 0.2 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 37 views

Oracle OIT libim_psi2 psiparse Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0161 Oracle OIT libimpsi2 psiparse Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3594 Description A memory corruption vulnerability exists in file parsing code of Oracle Outside In Technology libimpsi2 library. Specifically, an integer overflo...

CVSS 9 | AI score 8.8 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 32 views

Oracle OIT IX SDK libvs_pdf Kids List Information Leak

Talos Vulnerability Report TALOS-2016-0096 Oracle OIT IX SDK libvspdf Kids List Information Leak July 19, 2016 CVE Number CVE-2016-3574 DESCRIPTION When parsing a specially crafted PDF document, the parser is expecting a pointer where string is located leading to a read access violation with a...

CVSS 9 | AI score 8.2 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 42 views

Oracle OIT IX SDK TIFF file parsing heap buffer overflow

Talos Vulnerability Report TALOS-2016-0104 Oracle OIT IX SDK TIFF file parsing heap buffer overflow July 19, 2016 CVE Number CVE-2016-3582 Description While parsing a specially crafted TIFF file, a parser confusion can lead to a heap buffer overflow resulting in out of bounds memory overwrite and...

CVSS 9 | AI score 8.9 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 23 views

Oracle OIT libim_gem2 Gem_Text Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0162 Oracle OIT libimgem2 GemText Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3595 Description An integer overflow vulnerability exists in file parsing code of Oracle Outside In Technology libimgem2 library. A specially crafted Gem file can...

CVSS 9 | AI score 8.8 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 12 views

Oracle OIT ImageExport libvs_bmp BMP BI_RLE8 Width Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0160 Oracle OIT ImageExport libvsbmp BMP BIRLE8 Width Code Execution Vulnerability July 19, 2016 Description A vulnerability in libvseshr can lead to remote code execution while parsing a specially crafted Word document containing a reference to Escher drawin...

AI score 8.2
Exploits: 0
Talos
added 2016/07/19 12:00 a.m. | 33 views

Oracle OIT IX SDK libvs_pdf FlateDecode Colors Denial of Service Vulnerabiity

Talos Vulnerability Report TALOS-2016-0100 Oracle OIT IX SDK libvspdf FlateDecode Colors Denial of Service Vulnerabiity July 19, 2016 CVE Number CVE-2016-3578 DESCRIPTION A null pointer dereference leading to process crash can occur while parsing a malformed PDF file. TESTED VERSIONS Oracle Outsi...

CVSS 9 | AI score 0.4 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 31 views

Oracle OIT IX SDK libvs_pdf Root xref Denial of Service Vulnerabiity

Talos Vulnerability Report TALOS-2016-0099 Oracle OIT IX SDK libvspdf Root xref Denial of Service Vulnerabiity July 19, 2016 CVE Number CVE-2016-3577 DESCRIPTION A stack overflow leading to a crash due to unbounded recursive function call is present in the PDF file format parsing code of the IX SD...

CVSS 9 | AI score 0.4 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 38 views

Oracle OIT ImageExport libvs_bmp BMP BI_RLE8 Width Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0163 Oracle OIT ImageExport libvsbmp BMP BIRLE8 Width Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3596 Description When parsing a specially crafted BMP file, an erroneous memory copy operation can cause a heap buffer overflow leading to...

CVSS 9 | AI score 8.9 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/19 12:00 a.m. | 38 views

Oracle OIT IX SDK GIF ImageWidth Code Execution Vulnerabiity

Talos Vulnerability Report TALOS-2016-0105 Oracle OIT IX SDK GIF ImageWidth Code Execution Vulnerabiity July 19, 2016 CVE Number CVE-2016-3583 Description While parsing a specially crafted GIF file, an integer overflow vulnerability and result in out of bounds heap memory overwrite potentially...

CVSS 9 | AI score 0.1 | EPSS 0.01847
Exploits: 1
Talos
added 2016/07/18 12:00 a.m. | 98 views

Apple Image I/O API Tiled TIFF Remote Code Execution Vulnerability

SUMMARY An exploitable heap based buffer overflow exists in the handling of TIFF images on Apple OS X and iOS operating systems. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. This vulnerability can be triggered via malicious web page, MMS...

CVSS 8.8 | AI score 0.1 | EPSS 0.0271
Exploits: 1
Talos
added 2016/07/18 12:00 a.m. | 39 views

Apple Image I/O EXR Color Component Remote Code Execution Vulnerability

SUMMARY An exploitable heap based buffer overflow exists in the handling of EXR images on OS X. A crafted EXR document can lead to a heap based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved EXR file delivered by other means when opened in any...

CVSS 10 | AI score 9.4 | EPSS 0.11075
Exploits: 2
Talos
added 2016/07/18 12:00 a.m. | 35 views

Apple OS X Scene Kit DAE XML Code Execution Vulnerability

SUMMARY An exploitable type confusion vulnerability exists in the handling of DAE images on OS X. A crafted DAE document can trigger a type confusion vulnerability which potentially could be exploited to achieve attacker controlled code execution. Vulnerability can be triggered via a saved DAE fi...

CVSS 7.8 | AI score 8 | EPSS 0.00531
Exploits: 1
Talos
added 2016/07/18 12:00 a.m. | 109 views

Apple Core Graphics BMP Framework img_decode_read Remote Code Execution Vulnerability

SUMMARY An exploitable out of bounds write exists in the handling of BMP images on Apple OS X and iOS. A crafted BMP document can lead to an out of bounds write resulting in remote code execution. Vulnerability can be triggered via a saved BMP file delivered by other means when opened in any...

CVSS 8.8 | AI score 0.9 | EPSS 0.02103
Exploits: 2
Talos
added 2016/07/18 12:00 a.m. | 69 views

Apple Image I/O EXR Compression Remote Code Execution Vulnerability

SUMMARY An exploitable heap based buffer overflow exists in the handling of EXR images on OS X. A crafted EXR document can lead to a heap based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved EXR file delivered by other means when opened in any...

CVSS 8.8 | AI score 9.3 | EPSS 0.01109
Exploits: 2

Total number of security vulnerabilities: 2204