Apple Quicktime mdat Corruption Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2015-0017 Apple Quicktime mdat Corruption Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3792 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the content of the mdat section of a .mov file...

Apple Quicktime Invalid 3GPP stsd Sample Description Entry Size Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2015-0013 Apple Quicktime Invalid 3GPP stsd Sample Description Entry Size Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3789 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the number of...

Apple Quicktime Invalid mvhd Atom Size Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2015-0014 Apple Quicktime Invalid mvhd Atom Size Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3790 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size of an mvhd atom can cause an...

Apple Quicktime esds Atom Descriptor Type Length Mismatch Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2015-0015 Apple Quicktime esds Atom Descriptor Type Length Mismatch Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3791 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the elementary video...

Apple Quicktime Invalid URL Atom Size Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2015-0012 Apple Quicktime Invalid URL Atom Size Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3788 Description An exploitable denial of service vulnerability exists in Apple Quicktime. An attacker who can control the size of a “url” atom in a...

Apple Quicktime tkhd Atom Matrix Corruption Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2015-0016 Apple Quicktime tkhd Atom Matrix Corruption Denial of Service Vulnerability July 20, 2015 CVE Number CVE-2015-5786 Description An exploitable denial of service vulnerability exists in Apple Quicktime. An attacker who can control the values in the matrix...

Total Commander FileInfo Plugin Multiple Denial of Service Vulnerabilities

Talos Vulnerability Report TALOS-2015-0024 Total Commander FileInfo Plugin Multiple Denial of Service Vulnerabilities July 16, 2015 CVE Number CVE-2015-2869 Description Multiple exploitable denial of service vulnerabilities exist in the FileInfo Plugin for Total Commander. An attacker who can...

Apple Quicktime Corrupt stbl Atom Remote Code Execution Vulnerability

Talos Vulnerability Report TALOS-2015-0018 Apple Quicktime Corrupt stbl Atom Remote Code Execution Vulnerability June 30, 2015 CVE Number CVE-2015-3667 Description There is a remote code execution vulnerability in Apple Quicktime. An attacker who can control the data inside an stbl atom in a .mov...

Pidgin libpurple STUN Response Length NULL Write Vulnerability

Talos Vulnerability Report VRT-2014-0202 Pidgin libpurple STUN Response Length NULL Write Vulnerability May 11, 2015 Description A exploitable NULL write vulnerability exists in Pidgin’s implementation of the STUN protocol in the libpurple library. An attacker who can control the response to a ST...

Pidgin libpurple MSN Message Parsing NULL Dereference Denial of Service Vulnerability

Talos Vulnerability Report VRT-2014-0201 Pidgin libpurple MSN Message Parsing NULL Dereference Denial of Service Vulnerability May 11, 2015 Description A exploitable denial of service vulnerability exists in Pidgin’s implem ntation of the MSN Messenger protocol in the libpurple library. An attack...

Pidgin libpurple Mxit Emoticon ASN Length Denial of Service Vulnerability

Talos Vulnerability Report VRT-2014-0203 Pidgin libpurple Mxit Emoticon ASN Length Denial of Service Vulnerability November 6, 2014 CVE Number CVE-2014-3695 Description An exploitable denial of service vulnerability exists in Pidgin’s implementation of the Mxit protocol in the libpurple library. ...

Pidgin libpurple Novell Protocol Multiple Denial of Service Vulnerabilities

Talos Vulnerability Report VRT-2014-0204 Pidgin libpurple Novell Protocol Multiple Denial of Service Vulnerabilities November 6, 2014 CVE Number CVE-2014-3696 Description Several exploitable denial of service vulnerabilities exist in Pidgin’s implementation of the Novell protocol in the libpurple...

Pidgin Theme/Smiley Untar Arbitrary File Write Vulnerability

Talos Vulnerability Report VRT-2014-0205 Pidgin Theme/Smiley Untar Arbitrary File Write Vulnerability November 6, 2014 CVE Number CVE-2014-3697 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of the TAR archive parsing functionality. An attacker wh...

Microsoft Windows FastFAT NumberOfFATs Buffer Overflow Vulnerability

Talos Vulnerability Report VRT-2014-0301 Microsoft Windows FastFAT NumberOfFATs Buffer Overflow Vulnerability March 7, 2014 CVE Number CVE-2014-4115 Description An exploitable local privileged code execution vulnerability exists in the Microsoft Windows FastFAT system driver. The FastFAT system...

Pidgin libpurple SIP/SIMPLE Content-Length Integer Overflow Vulnerability

Talos Vulnerability Report VRT-2013-1004 Pidgin libpurple SIP/SIMPLE Content-Length Integer Overflow Vulnerability January 26, 2014 CVE Number CVE-2013-6490 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of SIP/SIMPLE message handling. An attacker...

Pidgin libpurple Mxit Emoticon Name Length Integer Overflow Vulnerability

Talos Vulnerability Report VRT-2013-1002 Pidgin libpurple Mxit Emoticon Name Length Integer Overflow Vulnerability January 26, 2014 CVE Number CVE-2013-6489 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of the Mxit protocol in the libpurple...

Pidgin for Windows URL Handling Remote Code Execution Vulnerability

Talos Vulnerability Report VRT-2013-1003 Pidgin for Windows URL Handling Remote Code Execution Vulnerability January 26, 2014 CVE Number CVE-2013-6486 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of HTTP URL handling. An attacker can supply a...

Pidgin libpurple Gadu Gadu HTTP Content-Length Integer Overflow Vulnerability

Talos Vulnerability Report VRT-2013-1001 Pidgin libpurple Gadu Gadu HTTP Content-Length Integer Overflow Vulnerability January 26, 2014 CVE Number CVE-2013-6487 Description An exploitable remote code execution vulnerability exists in Pidgin’’s implementation of the Gadu Gadu protocol in the...