
2218 matches found

Talos
added 2016/07/19 12:0 a.m., 27 views

Oracle OIT IX SDK libvs_pdf Tj Operator Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0098 Oracle OIT IX SDK libvs_pdf Tj Operator Denial of Service Vulnerability July 19, 2016 CVE Number CVE-2016-3576 DESCRIPTION When parsing a specially crafted PDF document, a NULL pointer dereference occurs, leading to process termination. A pointer value from a...

CVSS 9 | AI score 1.1 | EPSS 0.0393
Exploits: 1
Talos
added 2016/07/19 12:0 a.m., 24 views

Oracle OIT libim_gem2 Gem_Text Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0162 Oracle OIT libim_gem2 Gem_Text Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3595 Description An integer overflow vulnerability exists in file parsing code of Oracle Outside In Technology libim_gem2 library. A specially crafted Gem file can...

CVSS 9 | AI score 8.8 | EPSS 0.0393
Exploits: 1
Talos
added 2016/07/19 12:0 a.m., 31 views

Oracle OIT ContentAccess libvs_mwkd VwStreamSection Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0159 Oracle OIT ContentAccess libvs_mwkd VwStreamSection Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3593 Description A partially controlled memory corruption vulnerability exists in Mac Works Database file format parsing code of Oracle...

CVSS 9 | AI score 8.6 | EPSS 0.0393
Exploits: 1
Talos
added 2016/07/19 12:0 a.m., 38 views

Oracle OIT ImageExport libvs_bmp BMP BI_RLE8 Width Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0163 Oracle OIT ImageExport libvs_bmp BMP BI_RLE8 Width Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3596 Description When parsing a specially crafted BMP file, an erroneous memory copy operation can cause a heap buffer overflow leading to...

CVSS 9 | AI score 8.9 | EPSS 0.0393
Exploits: 1
Talos
added 2016/07/19 12:0 a.m., 32 views

Oracle OIT IX SDK libvs_pdf Root xref Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0099 Oracle OIT IX SDK libvs_pdf Root xref Denial of Service Vulnerability July 19, 2016 CVE Number CVE-2016-3577 DESCRIPTION A stack overflow leading to a crash due to unbounded recursive function call is present in the PDF file format parsing code of the IX SD...

CVSS 9 | AI score 0.4 | EPSS 0.0393
Exploits: 1
Talos
added 2016/07/19 12:0 a.m., 32 views

Oracle OIT ContentAccess libvs_word+63AC Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0158 Oracle OIT ContentAccess libvs_word+63AC Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3592 Description A partially controlled memory write vulnerability exists in Mac Word file format parsing code of Oracle Outside In Technology Content...

CVSS 9 | AI score 8.6 | EPSS 0.0393
Exploits: 1
Talos
added 2016/07/19 12:0 a.m., 44 views

Oracle OIT IX SDK TIFF file parsing heap buffer overflow

Talos Vulnerability Report TALOS-2016-0104 Oracle OIT IX SDK TIFF file parsing heap buffer overflow July 19, 2016 CVE Number CVE-2016-3582 Description While parsing a specially crafted TIFF file, a parser confusion can lead to a heap buffer overflow resulting in out of bounds memory overwrite and...

CVSS 9 | AI score 8.9 | EPSS 0.0393
Exploits: 1
Talos
added 2016/07/19 12:0 a.m., 40 views

Oracle OIT IX SDK GIF ImageWidth Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0105 Oracle OIT IX SDK GIF ImageWidth Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3583 Description While parsing a specially crafted GIF file, an integer overflow vulnerability can result in out of bounds heap memory overwrite potentially...

CVSS 9 | AI score 0.1 | EPSS 0.0393
Exploits: 1
Talos
added 2016/07/19 12:0 a.m., 44 views

Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord Memory Corruption Vulnerability

Talos Vulnerability Report TALOS-2016-0157 Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord Memory Corruption Vulnerability July 19, 2016 CVE Number CVE-2016-3591 Description A partially controlled memory write vulnerability exists in Mac Works Database file format parsing code of Oracle Outsi...

CVSS 9 | AI score 8.4 | EPSS 0.0393
Exploits: 1
Talos
added 2016/07/18 12:0 a.m., 42 views

Apple Image I/O EXR Color Component Remote Code Execution Vulnerability

SUMMARY An exploitable heap based buffer overflow exists in the handling of EXR images on OS X. A crafted EXR document can lead to a heap based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved EXR file delivered by other means when opened in any...

CVSS 10 | AI score 9.4 | EPSS 0.07418
Exploits: 2
Talos
added 2016/07/18 12:0 a.m., 35 views

Apple OS X Scene Kit DAE XML Code Execution Vulnerability

SUMMARY An exploitable type confusion vulnerability exists in the handling of DAE images on OS X. A crafted DAE document can trigger a type confusion vulnerability which potentially could be exploited to achieve attacker controlled code execution. Vulnerability can be triggered via a saved DAE fi...

CVSS 7.8 | AI score 8 | EPSS 0.0221
Exploits: 1
Talos
added 2016/07/18 12:0 a.m., 110 views

Apple Core Graphics BMP Framework img_decode_read Remote Code Execution Vulnerability

SUMMARY An exploitable out of bounds write exists in the handling of BMP images on Apple OS X and iOS. A crafted BMP document can lead to an out of bounds write resulting in remote code execution. Vulnerability can be triggered via a saved BMP file delivered by other means when opened in any...

CVSS 8.8 | AI score 0.9 | EPSS 0.04331
Exploits: 2
Talos
added 2016/07/18 12:0 a.m., 70 views

Apple Image I/O EXR Compression Remote Code Execution Vulnerability

SUMMARY An exploitable heap based buffer overflow exists in the handling of EXR images on OS X. A crafted EXR document can lead to a heap based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved EXR file delivered by other means when opened in any...

CVSS 8.8 | AI score 9.3 | EPSS 0.03576
Exploits: 2
Talos
added 2016/07/18 12:0 a.m., 99 views

Apple Image I/O API Tiled TIFF Remote Code Execution Vulnerability

SUMMARY An exploitable heap based buffer overflow exists in the handling of TIFF images on Apple OS X and iOS operating systems. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. This vulnerability can be triggered via a malicious web page, MMS...

CVSS 8.8 | AI score 0.1 | EPSS 0.0485
Exploits: 1
Talos
added 2016/07/11 12:0 a.m., 183 views

Intel HD Graphics Windows Kernel Driver (igdkmd64) Code Execution Vulnerability

SUMMARY A vulnerability exists in the communication functionality of Intel Graphics Kernel Mode Driver. A specially crafted message can cause a vulnerability resulting in executing arbitrary code. An attacker can send a specific message to trigger this vulnerability and escalate his privileges on t...

CVSS 7.8 | AI score 7.7 | EPSS 0.00604
Exploits: 2
Talos
added 2016/07/07 12:0 a.m., 41 views

Symantec Norton Security IDSvix86 PE Remote System Denial of Service Vulnerability

SUMMARY A denial of service vulnerability exists in the Portable Executable file scanning functionality of Symantec Norton Security. A specially crafted PE file can cause an access violation in IDSvix86 kernel driver resulting in denial of service. An attacker can trigger this vulnerability for...

CVSS 7.1 | AI score 5.4 | EPSS 0.02417
Exploits: 1
Talos
added 2016/06/27 12:0 a.m., 40 views

The Document Foundation LibreOffice RTF Stylesheet Code Execution Vulnerability

SUMMARY An exploitable Use After Free vulnerability exists in the RTF parser of LibreOffice. A specially crafted file can cause a use after free resulting in a possible arbitrary code execution. To exploit the vulnerability a malicious file needs to be opened by the user via a vulnerable application...

CVSS 7.8 | AI score 7.8 | EPSS 0.02842
Exploits: 1
Talos
added 2016/06/21 12:0 a.m., 35 views

Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability

Talos Vulnerability Report TALOS-2016-0119 Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability June 21, 2016 CVE Number CVE-2016-2377 DESCRIPTION A buffer vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentiall...

CVSS 8.1 | AI score 6.8 | EPSS 0.02647
Exploits: 1
Talos
added 2016/06/21 12:0 a.m., 24 views

Pidgin MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities

Talos Vulnerability Report TALOS-2016-0136 Pidgin MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities June 21, 2016 CVE Number CVE-2016-2368 DESCRIPTION Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the...

CVSS 8.1 | AI score 7.6 | EPSS 0.04517
Exploits: 1
Talos
added 2016/06/21 12:0 a.m., 39 views

Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability

Talos Vulnerability Report TALOS-2016-0128 Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability June 21, 2016 CVE Number CVE-2016-4323 DESCRIPTION A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could...

CVSS 5.8 | AI score 0.3 | EPSS 0.02286
Exploits: 2
Talos
added 2016/06/21 12:0 a.m., 32 views

Pidgin MXIT mxit_convert_markup_tx Information Leak Vulnerability

Talos Vulnerability Report TALOS-2016-0123 Pidgin MXIT mxit_convert_markup_tx Information Leak Vulnerability June 21, 2016 CVE Number CVE-2016-2380 DESCRIPTION An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially...

CVSS 4.3 | AI score 5.3 | EPSS 0.01749
Exploits: 1
Talos
added 2016/06/21 12:0 a.m., 29 views

Pidgin MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0137 Pidgin MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2369 DESCRIPTION A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server...

CVSS 5.9 | AI score 0.2 | EPSS 0.02233
Exploits: 1
Talos
added 2016/06/21 12:0 a.m., 33 views

Pidgin MXIT Custom Resource Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0138 Pidgin MXIT Custom Resource Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2370 DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could...

CVSS 5.9 | AI score 6.2 | EPSS 0.02105
Exploits: 1
Talos
added 2016/06/21 12:0 a.m., 35 views

Pidgin MXIT Table Command Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0134 Pidgin MXIT Table Command Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2366 DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could...

CVSS 5.9 | AI score 0.7 | EPSS 0.02463
Exploits: 1
Talos
added 2016/06/21 12:0 a.m., 33 views

Pidgin MXIT Extended Profiles Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0139 Pidgin MXIT Extended Profiles Code Execution Vulnerability June 21, 2016 CVE Number CVE-2016-2371 DESCRIPTION An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server coul...

CVSS 8.1 | AI score 0.4 | EPSS 0.03148
Exploits: 1
Talos
added 2016/06/21 12:0 a.m., 27 views

Pidgin MXIT Markup Command Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0133 Pidgin MXIT Markup Command Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2365 DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could...

CVSS 5.9 | AI score 0.4 | EPSS 0.02411
Exploits: 1
Talos
added 2016/06/21 12:0 a.m., 32 views

Pidgin MXIT Avatar Length Memory Disclosure Vulnerability

Talos Vulnerability Report TALOS-2016-0135 Pidgin MXIT Avatar Length Memory Disclosure Vulnerability June 21, 2016 CVE Number CVE-2016-2367 DESCRIPTION An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially resu...

CVSS 5.9 | AI score 0.4 | EPSS 0.01931
Exploits: 1
Talos
added 2016/06/21 12:0 a.m., 31 views

Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability

Talos Vulnerability Report TALOS-2016-0140 Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability June 21, 2016 CVE Number CVE-2016-2372 DESCRIPTION An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potential...

CVSS 5.9 | AI score 0.2 | EPSS 0.01758
Exploits: 1
Talos
added 2016/06/21 12:0 a.m., 33 views

Pidgin MXIT MultiMX Message Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0142 Pidgin MXIT MultiMX Message Code Execution Vulnerability June 21, 2016 CVE Number CVE-2016-2374 DESCRIPTION An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent...

CVSS 8.1 | AI score 0.4 | EPSS 0.03202
Exploits: 1
Talos
added 2016/06/21 12:0 a.m., 31 views

Pidgin MXIT read stage 0x3 Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0118 Pidgin MXIT read stage 0x3 Code Execution Vulnerability June 21, 2016 CVE Number CVE-2016-2376 DESCRIPTION A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could...

CVSS 8.1 | AI score 0.8 | EPSS 0.03702
Exploits: 1
Talos
added 2016/06/21 12:0 a.m., 31 views

Pidgin MXIT Suggested Contacts Memory Disclosure Vulnerability

Talos Vulnerability Report TALOS-2016-0143 Pidgin MXIT Suggested Contacts Memory Disclosure Vulnerability June 21, 2016 CVE Number CVE-2016-2375 DESCRIPTION An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent fr...

CVSS 5.3 | AI score 6.1 | EPSS 0.02689
Exploits: 1
Talos
added 2016/06/21 12:0 a.m., 43 views

Pidgin MXIT Contact Mood Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0141 Pidgin MXIT Contact Mood Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2373 DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could...

CVSS 5.9 | AI score 6.3 | EPSS 0.02281
Exploits: 1
Talos
added 2016/06/21 12:0 a.m., 27 views

Pidgin MXIT get_utf8_string Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0120 Pidgin MXIT get_utf8_string Code Execution Vulnerability June 21, 2016 CVE Number CVE-2016-2378 DESCRIPTION A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted data sent via the server could potentially...

CVSS 8.1 | AI score 6.7 | EPSS 0.02501
Exploits: 1
Talos
added 2016/06/19 12:0 a.m., 31 views

Libarchive 7zip read_SubStreamsInfo Code Execution Vulnerability

SUMMARY An exploitable heap overflow vulnerability exists in the 7zip read_SubStreamsInfo functionality of libarchive. A specially crafted 7zip file can cause an integer overflow resulting in memory corruption that can lead to code execution. An attacker can send a malformed file to trigger this...

CVSS 7.8 | AI score 7.9 | EPSS 0.04919
Exploits: 2
Talos
added 2016/06/19 12:0 a.m., 44 views

Libarchive mtree parse_device Code Execution Vulnerability

SUMMARY An exploitable stack based buffer overflow vulnerability exists in the mtree parse_device functionality of libarchive. A specially crafted mtree file can cause a buffer overflow resulting in memory corruption/code execution. An attacker can send a malformed file to trigger this...

CVSS 7.8 | AI score 0.3 | EPSS 0.03716
Exploits: 2
Talos
added 2016/06/19 12:0 a.m., 35 views

Libarchive Rar RestartModel Code Execution Vulnerability

SUMMARY An exploitable heap overflow vulnerability exists in the Rar decompression functionality of libarchive. A specially crafted Rar file can cause a heap corruption eventually leading to code execution. An attacker can send a malformed file to trigger this vulnerability. TESTED VERSIONS...

CVSS 7.8 | AI score 7.9 | EPSS 0.04757
Exploits: 2
Talos
added 2016/06/14 12:0 a.m., 39 views

Adobe Flash Player Infinite Recursion Arbitrary Read Access Violation

SUMMARY A potentially exploitable read access violation vulnerability exists in the way Adobe Flash Player handles infinitely recursive calls. Specially crafted ActionScript code can cause a read access violation which can potentially be further abused. To trigger this vulnerability user...

CVSS 9.3 | AI score 8.9 | EPSS 0.03977
Exploits: 1
Talos
added 2016/06/14 12:0 a.m., 38 views

Ruby pack_pack Use After Free Vulnerability

Talos Vulnerability Report TALOS-2016-0033 Ruby pack_pack Use After Free Vulnerability June 14, 2016 CVE Number CVE-2016-2338 DESCRIPTION An exploitable Use After Free vulnerability exists in the pack_pack function of Ruby. In pack_pack function each element of array which should be “pack”, based o...

CVSS 9.8 | AI score 9.5 | EPSS 0.04644
Exploits: 3
Talos
added 2016/06/14 12:0 a.m., 37 views

Ruby Fiddle::Function.new Heap Overflow Vulnerability

Talos Vulnerability Report TALOS-2016-0034 Ruby Fiddle::Function.new Heap Overflow Vulnerability June 14, 2016 CVE Number CVE-2016-2339 DESCRIPTION An exploitable heap overflow vulnerability exists in the Fiddle::Function.new “initialize” function functionality of Ruby. In Fiddle::Function.new...

CVSS 9.8 | AI score 7.6 | EPSS 0.05144
Exploits: 2
Talos
added 2016/06/14 12:0 a.m., 45 views

Ruby WIN32OLE ole_invoke and ole_query_interface Type Confusion Vulnerabilities

Talos Vulnerability Report TALOS-2016-0029 Ruby WIN32OLE ole_invoke and ole_query_interface Type Confusion Vulnerabilities June 14, 2016 CVE Number CVE-2016-2336 DESCRIPTION Type Confusion exists in two methods of Ruby’s WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different typ...

CVSS 9.8 | AI score 9.4 | EPSS 0.03264
Exploits: 2
Talos
added 2016/06/14 12:0 a.m., 29 views

Ruby Psych::Emitter start_document Heap Overflow Vulnerability

Talos Vulnerability Report TALOS-2016-0032 Ruby Psych::Emitter start_document Heap Overflow Vulnerability June 14, 2016 CVE Number CVE-2016-2338 DESCRIPTION An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document...

CVSS 9.8 | AI score 9.3 | EPSS 0.04644
Exploits: 3
Talos
added 2016/06/14 12:0 a.m., 41 views

Ruby TclTkIp ip_cancel_eval Type Confusion Vulnerabilities

Talos Vulnerability Report TALOS-2016-0031 Ruby TclTkIp ip_cancel_eval Type Confusion Vulnerabilities June 14, 2016 CVE Number CVE-2016-2337 DESCRIPTION Type Confusion exists in canceleval Ruby’s TclTkIp class method. Attacker passing different type of object than String as “retval” argument can...

CVSS 9.8 | AI score 0.1 | EPSS 0.06153
Exploits: 2
Talos
added 2016/06/08 12:0 a.m., 141 views

Google Chrome PDFium jpeg2000 SIZ Code Execution Vulnerability

SUMMARY An exploitable heap buffer overflow vulnerability exists in the Pdfium PDF reader included in the Google Chrome web browser. A specially crafted PDF document with embedded jpeg2000 image can cause a heap buffer overflow potentially resulting in an arbitrary code execution. An attacker can...

CVSS 8.8 | AI score 8.6 | EPSS 0.01532
Exploits: 1
Talos
added 2016/06/08 12:0 a.m., 49 views

IBM Domino KeyView PDF Filter Encrypted Stream Code Execution Vulnerability

Summary A stack overflow vulnerability present in the PDF filter of KeyView as used by Domino can lead to process crash and possible arbitrary code execution. Tested Versions KeyView 10.16 as used by IBM Domino 9.0.1 Product URLs http://www-03.ibm.com/software/products/en/ibmdomino Details While...

CVSS 7.8 | AI score 7.9 | EPSS 0.02674
Exploits: 1
Talos
added 2016/06/08 12:0 a.m., 35 views

IBM Domino KeyView PDF Filter BaseFont Code Execution Vulnerability

Summary A heap buffer overflow vulnerability present in the PDF filter of KeyView as used by Domino can lead to arbitrary code execution. Tested Versions KeyView 10.16 as used by IBM Domino 9.0.1 Product URLs http://www-03.ibm.com/software/products/en/ibmdomino Details While parsing a specially...

CVSS 7.8 | AI score 8 | EPSS 0.02674
Exploits: 1
Talos
added 2016/06/08 12:0 a.m., 28 views

IBM Domino KeyView PDF Filter Trailer ID Code Execution Vulnerability

SUMMARY A heap based buffer overflow vulnerability present in KeyView PDF filter as used by Domino can lead to remote arbitrary code execution. TESTED VERSIONS KeyView 10.16 as used by IBM Domino 9.0.1 PRODUCT URLs http://www-03.ibm.com/software/products/en/ibmdomino DETAILS While parsing an ID...

CVSS 7.8 | AI score 8 | EPSS 0.0282
Exploits: 1
Talos
added 2016/06/08 12:0 a.m., 28 views

IBM Domino KeyView PDF Filter Stream Length Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0090 IBM Domino KeyView PDF Filter Stream Length Code Execution Vulnerability June 8, 2016 CVE Number CVE-2016-0278 Description An integer overflow vulnerability present in the PDF filter of KeyView as used by Domino can lead to process crash and possible...

CVSS 7.8 | AI score 8 | EPSS 0.02894
Exploits: 1
Talos
added 2016/06/08 12:0 a.m., 59 views

ESnet iPerf3 JSON parse_string UTF Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0164 ESnet iPerf3 JSON parse_string UTF Code Execution Vulnerability June 8, 2016 CVE Number CVE-2016-4303 DESCRIPTION An exploitable remote code execution vulnerability exists in the JSON handling functionality of ESnet iPerf3. A specially crafted JSON string...

CVSS 9.8 | AI score 9.9 | EPSS 0.0702
Exploits: 2
Talos
added 2016/05/10 12:0 a.m., 38 views

7zip UDF CInArchive::ReadFileItem Code Execution Vulnerability

Summary An out of bound read vulnerability exists in the CInArchive::ReadFileItem method functionality of 7zip for handling UDF files that can lead to denial of service or code execution. Tested Versions 7-Zip 32 15.05 beta 7-Zip 64 9.20 Product URLs http://www.7-zip.org/ Details...

CVSS 8.8 | AI score 8.2 | EPSS 0.09795
Exploits: 2
Talos
added 2016/05/10 12:0 a.m., 74 views

7zip HFS+ NArchive::NHfs::CHandler::ExtractZlibFile Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0093 7zip HFS+ NArchive::NHfs::CHandler::ExtractZlibFile Code Execution Vulnerability May 10, 2016 CVE Number CVE-2016-2334 DESCRIPTION An exploitable heap overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method functionality of...

CVSS 9.3 | AI score 8 | EPSS 0.14742
Exploits: 3
Total number of security vulnerabilities: 2218