77 matches found
CVE-2005-0605
The CVE-2005-0605 issue concerns LibXPM’s scan.c where a negative bitmap_unit value can cause a buffer overflow, allowing arbitrary code execution. Connected sources confirm LibXPM involvement and link to patches/advisories; for Solaris SPARC, patch 119063-01 (libXpm patch) is cited as remediatio...
CVE-2004-0557
CVE-2004-0557 covers two buffer overflows in SoX (St_WavStartRead in wav.c) affecting 12.17.2–12.17.4. A remote attacker could execute arbitrary code by feeding a specially crafted WAV header. Public docs identify the vulnerable function and the header-field handling as the root cause; affected v...
CVE-2004-1154
Samba vulnerability CVE-2004-1154 affects Samba 2.x and 3.0.x up to 3.0.9. The issue is a heap-based buffer overflow triggered by a Samba request carrying a very large number of security descriptors, leading to remote authentication and potentially code execution via an overflow, with denial of s...
CVE-2004-0595
The CVE-2004-0595 issue affects PHP’s strip_tags function in PHP 4.x (up to 4.3.7) and 5.x (up to 5.0.0RC3). The vulnerability arises because null characters (\0) in tag names are not filtered when restricting input to allowed tags, allowing dangerous tags to slip through and be processed by brow...
CVE-2004-0930
CVE-2004-0930 affects Samba 3.0.4, 3.0.7 (and possibly other versions). The issue is in the ms_fnmatch function, allowing remote authenticated users to cause high CPU denial of service via a SAMBA request containing multiple asterisks (*) in the wildcard pattern. The provided documents confirm th...
CVE-2004-1235
CVE-2004-1235 documents a race condition in the Linux kernel (load_elf_library and binfmt_aout paths used by uselib) affecting 2.4 (through 2.429-rc2) and 2.6 (through 2.6.10). Exploitation allows a local user to execute arbitrary code by manipulating the VMA descriptor. The initial description p...
CVE-2005-3624
CVE-2005-3624 affects multiple PDF tools (xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is in CCITTFaxDecode handling in Stream.cc, where negative or very large integers can trigger integer overflows/underflows, leading to heap corruption. The documented impact...
CVE-2005-0750
CVE-2005-0750 affects the Bluetooth driver in the Linux kernel (2.4.6–2.4.30-rc1 and 2.6–2.6.11.5). The bluez_sock_create function fails to validate a negative protocol value, allowing a local user to gain privileges via a crafted socket or socketpair call. Public details appear in multiple advis...
CVE-2005-1267
The CVE-2005-1267 issue affects the BGP dissector in tcpdump (v3.x). The vuln arises when bgp_update_print fails to handle a -1 return from decode_prefix4, enabling a remote attacker to trigger a denial-of-service via an infinite loop by sending a crafted BGP packet. The impact is a DoS on affect...
CVE-2004-0234
CVE-2004-0234: LHA 1.14 contains multiple stack-based buffer overflows in get_header() of header.c, allowing remote attackers or local users to execute arbitrary code via long directory/file names in an LHA archive. The issue affects LHA as used in products such as Barracuda Spam Firewall; overfl...
CVE-2004-1012
CVE-2004-1012 affects Cyrus IMAP Server 2.2.6 and earlier. The vulnerability arises in the PARTIAL command argument parsing: a command like body[ p is treated as body.peek, triggering an index increment error and out-of-bounds memory corruption that enables remote authenticated code execution. Co...
CVE-2006-0745
The CVE concerns the X.Org X Server (xorg-server) 1.0.0 and later (X11R6.9.0, X11R7.0) where a faulty check tests the address of geteuid instead of the function result, allowing a local user to bypass restrictions and perform a Local Privilege Escalation. Impact described across sources: an unpri...
CVE-2004-0882
CVE-2004-0882 describes a buffer overflow in Samba 3.0.x through 3.0.7 in the QFILEPATHINFO request handler. The overflow can be triggered by a TRANSACT2_QFILEPATHINFO request with a small maximum data bytes value, potentially allowing a remote attacker to execute arbitrary code on the Samba serv...
CVE-2004-1011
CVE-2004-1011 describes a stack-based overflow in Cyrus IMAP Server 2.2.4–2.2.8 when the imapmagicplus option is enabled. The overflow occurs in handling long PROXY or LOGIN commands, due to copying the username into a small stack buffer without proper length checks, allowing a remote attacker to...
CVE-2004-0889
CVE-2004-0889 involves multiple integer overflows in xpdf 3.0 and in code paths that reuse xpdf (e.g., in CUPS) that can be exploited remotely to crash the service (DoS) and potentially execute arbitrary code. The description confirms a remote impact and the possibility of code execution, tied to...
CVE-2005-0206
Technical details about CVE-2005-0206 are not provided in the connected documents. Available sources reference related issues (CVE-2004-0888) and patch notes without explicit impact, affected products, or fixes for this CVE.
CVE-2007-1352
The CVE-2007-1352 issue is an integer overflow in the FontFileInitTable function of X.Org libXfont before 20070403. The vulnerability allows remote authenticated users to cause a heap overflow by placing a long first line in the fonts.dir file, potentially enabling arbitrary code execution. Affec...
CVE-2005-0736
CVE-2005-0736 entry is rejected/not used and does not represent an active vulnerability.
CVE-2004-0235
CVE-2004-0235 impacts LHa (LHA) 1.14.x releases. Multiple directory traversal vulnerabilities allow remote attackers or local users to create arbitrary files via an archive containing filenames with .. sequences or absolute paths (//absolute/path). The issue affects LHA 1.14 (and related variants...
CVE-2004-0803
CVE-2004-0803 affects the libtiff RLE decoders in libtiff 3.6.x and earlier, with buffer overflows and integer overflow issues that could allow a remote attacker to execute arbitrary code by feeding a crafted TIFF file. The connected advisories (RHSA/CESA/CENTA, Slackware/Tenable/NASL entries) in...
CVE-2004-1073
The CVE-2004-1073 entry affects the Linux kernel (2.4.x up to 2.4.27 and 2.6.x up to 2.6.8). It is caused by the open_exec path of the execve functionality (exec.c), where the interpreter (PT_INTERP) handling can allow local users to read non-readable ELF binaries. The description specifies local...
CVE-2004-0914
Concrete details: CVE-2004-0914 concerns multiple vulnerabilities in libXpm (as used by XFree86/X.Org) including integer overflows, out-of-bounds reads, directory traversal, shell metacharacter issues, endless loops, and memory leaks in parsing XPM images. If exploited via a crafted XPM file, rem...
CVE-2004-0949
CVE-2004-0949 affects the Samba filesystem smbfs in Linux kernel 2.4/2.6, where smb_recv_trans2 fails to reassemble fragmented packets, allowing a remote attacker via the network to read arbitrary kernel information or to inflate a counter by replaying the first fragment. Public advisories (RHSA,...
CVE-2005-0109
Technical details for CVE-2005-0109 are not provided in the supplied documents. The set includes historical references and later OpenSSL advisories, but no specific product, root cause, impact, or fix details here. Monitor for updates.
CVE-2004-0883
CVE-2004-0883 concerns multiple vulnerabilities in the Samba filesystem (smbfs) within the Linux kernel (versions 2.4 and 2.6). The description states that remote Samba servers could cause a denial of service (kernel crash) or information disclosure by triggering one of several flawed packet-hand...
CVE-2004-1335
The CVE-2004-1335 entry describes a memory leak in the Linux kernel’s ip_options_get function (pre-2.6.10) that can cause local denial of service via repeated ip_cmsg_send calls. Affected component is the kernel networking stack; impact is partial availability due to memory exhaustion. The vulner...
CVE-2005-3625
CVE-2005-3625 is confirmed to affect Xpdf and related tools (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is a denial-of-service in PDF stream handling where streams that end prematurely can cause an infinite loop, demonstrated for the CCITTFaxDecode and DCTDecode s...
CVE-2005-3626
CVE-2005-3626 affects Xpdf and related components (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The vulnerability arises from a crafted FlateDecode stream that triggers a null dereference, leading to a denial of service (crash). The connected Nessus entry (NEWSTART_CGSL_NS-SA...
CVE-2004-0888
CVE-2004-0888 : Multiple integer overflows in xpdf (v2.0/v3.0) and in code that uses xpdf (e.g., CUPS, gpdf, kdegraphics) allow remote attackers to crash services and possibly execute arbitrary code. Some reports note 64-bit builds can exacerbate the overflow (pdftops/filter path). Remediation is...
CVE-2004-1072
CVE-2004-1072 describes a vulnerability in the Linux kernel where the binfmt_elf loader (binfmt_elf.c) may create an interpreter name string that is not NULL terminated, allowing strings longer than PATH_MAX to be used. This can cause buffer overflows that may lead to a local denial of service (h...
CVE-2004-0886
CVE-2004-0886 is a libtiff integer overflow issue (v3.6.1 and earlier) that allows a remote attacker to crash or memory-corrupt a target via crafted TIFF images, due to incorrect malloc calls. Multiple advisories (RH/RHSA, CentOS, Slackware, Mandrake) note libtiff-related fixes; updates/patches e...
CVE-2005-0156
The CVE-2005-0156 issue affects Perl 5.8.0 when built with setuid support (sperl). The vulnerability is a buffer overflow in the PerlIO implementation that can be triggered by setting PERLIO_DEBUG and running a Perl script whose full pathname has a long directory tree. This allows local users to ...
CVE-2004-0827
CVE-2004-0827 affects ImageMagick 5.x before 5.4.4 and 6.x before 6.0.6.2, with remote denial of service and potential arbitrary code execution via malformed AVI, BMP, or DIB files. Multiple connected advisories (Ubuntu USN-35-1, Debian DSA 547-1, Red Hat RHSA-2004:480/636, etc.) corroborate buff...
CVE-2004-1070
Technical details (affected kernel versions, vulnerable component, impact, or remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-2006-6235
The CVE-2006-6235 vulnerability is a stack overwrite flaw in GnuPG (gpg) affecting 1.x versions before 1.4.6, 2.x before 2.0.2, and 1.9.0–1.9.95. A crafted OpenPGP packet can cause GnuPG to dereference a function pointer from deallocated stack memory, enabling arbitrary code execution. Multiple a...
CVE-2004-0904
CVE-2004-0904 : Integer overflow in the BMP decoder can trigger heap-based buffer overflows, enabling remote code execution. Affected products are Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8. Remediation is to apply fixes/updates released after the...
CVE-2005-0085
The CVE-2005-0085 entry concerns ht://dig (htdig) prior to version 3.1.6-r7, which is vulnerable to cross-site scripting (XSS). The root cause is that the config parameter is not properly sanitized before being displayed in an error message, allowing a remote attacker to trigger arbitrary web scr...
CVE-2004-0817
CVE-2004-0817 describes multiple heap-based buffer overflows in the imlib BMP image handler that allow remote attackers to execute arbitrary code via a crafted BMP file. Connected advisories confirm the affected component is imlib/imlib2 BMP decoding code and reference vendor/security updates (e....
CVE-2004-0903
CVE-2004-0903 describes a stack-based buffer overflow in the writeGroup function of nsVCardObj.cpp, affecting Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8. An attacker could remotely execute arbitrary code by processing malformed VCard attachments d...
CVE-2004-0986
The CVE-2004-0986 issue affects iptables before 1.2.11, where under certain conditions the required modules fail to load at system startup, causing firewall rules to not be loaded and leaving the system potentially exposed to remote attackers. Connected advisories (SUSE, Debian DSA-580-1, Ubuntu ...
CVE-2004-0802
CVE-2004-0802 affects imlib2’s BMP loader and is caused by a buffer overflow in the BMP loading path. The vulnerability allows remote attackers to execute arbitrary code by delivering a specially crafted BMP image, and it is confined to imlib2 versions before 1.1.2 (distinct from CVE-2004-0817). ...
CVE-2004-0918
CVE-2004-0918: Squid’s SNMP parser (asn_parse_header in asn1.c) before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) by sending SNMP packets with negative length fields that trigger a memory allocation error. The issue yields a partial availability impact and i...
CVE-2004-0460
ISC DHCP 3.0.1rc12 and 3.0.1rc13 are affected by a buffer overflow in the DHCPD logging path when processing multiple hostname options in DISCOVER/OFFER/REQUEST/ACK/NAK, potentially enabling remote code execution and denial of service. The issue stems from long hostname options being concatenated...
CVE-2004-0902
The CVE-2004-0902 entry refers to multiple heap-based buffer overflows in Mozilla Firefox and Mozilla suite components (Firefox before the Preview Release, Mozilla before 1.7.3, Thunderbird before 0.8). The issues allow remote attackers to cause an application crash (DoS) or execute arbitrary cod...
CVE-2004-0619
CVE-2004-0619 involves an integer overflow in the ubsec_keysetup function of the Broadcom 5820 cryptonet driver used with Linux. The issue allows a local attacker to cause a denial of service (crash) and potentially gain code execution via a negative add_dsa_buf_bytes, resulting in a buffer overf...
CVE-2004-1013
CVE-2004-1013 affects Cyrus IMAP Server 2.2.x–2.2.8. The argument parser for FETCH can be exploited by remote authenticated users through commands such as body[p or binary[p, triggering an index increment error that causes out-of-bounds memory corruption and allows arbitrary code execution. The v...
CVE-2004-0989
CVE-2004-0989 affects libxml versions prior to 2.6.14. Multiple remote-buffer overflow flaws in FTP/HTTP URL handling and DNS processing could allow arbitrary code execution. Root causes include overflows in xmlNanoFTPScanURL, xmlNanoFTPScanProxy, and DNS length handling (xmlNanoFTPConnect, xmlNa...
CVE-2005-0373
CVE-2005-0373 describes a buffer overflow in Cyrus-SASL’s DIGEST-MD5 implementation (digestmd5.c, CVS release 1.170, also referred to as digestmda5.c) that was not part of official releases. The flaw allows remote attackers to execute arbitrary code by triggering the overflow in the Digest-MMD5 S...
CVE-2004-1067
CVE-2004-1067 affects Cyrus IMAP Server 2.2.9 and earlier due to an off-by-one error in mysasl_canon_user, causing a buffer overflow that could allow remote code execution via the username. Multiple connected advisories confirm the issue and indicate mitigation via updates; OpenVAS notes Cyrus IM...
CVE-2004-1269
CVE-2004-1269 affects CUPS 1.1.22 where the lppasswd path does not remove passwd.new when a file-size resource limit is hit during writing passwd.new, causing subsequent lppasswd invocations to fail. The vulnerability is documented across multiple advisories and issue trackers related to CUPS and...