integer overflow
led to a buffer overflow. The missing check for negative size values
meant the Python memory allocator could allocate less memory than
expected. This could result in arbitrary code execution with the
Python interpreter's privileges.
Multiple buffer and integer overflow flaws were found in the Python
Unicode string processing and in the Python Unicode and string
object implementations. An attacker could use these flaws to cause
a denial of service.
Multiple integer overflow flaws were found in the Python imageop
--------------------------------------------------------------------------------------
* Ghostscript library Ins_MINDEX() off by one, *
* integer overflow and heap corruption *
--------------------------------------------------------------------------------------
--[ Vulnerability Summary:
Date Published: 31/08/2010
Last Update: 31/08/2010
(2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or
(5) %20 (encoded space) character in the URI, possibly related to
the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new
functionality and the :DocumentRoot option. (CVE-2008-1891)
Multiple integer overflows in the rb_str_buf_append function in
Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before
1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2
allow context-dependent attackers to execute arbitrary code or
cause a denial of service via unknown vectors that trigger memory
corruption. (CVE-2008-2662)
systems that support backslash (\) path separators or case-insensitive
file names, allows remote attackers to access arbitrary files via
(1) ..%5c (encoded backslash) sequences or (2) filenames that match
patterns in the :NondisclosureName option. (CVE-2008-1145)
Multiple integer overflows in the rb_str_buf_append function in
Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before
1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2
allow context-dependent attackers to execute arbitrary code or
cause a denial of service via unknown vectors that trigger memory
corruption, a different issue than CVE-2008-2663, CVE-2008-2664,
Problem Description:
Multiple vulnerabilities have been found and corrected in kpdf
(kdegraphics):
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc
in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in
GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote
attackers to execute arbitrary code via a crafted PDF document that
triggers a heap-based buffer overflow (CVE-2009-3608).
independent project of C and C++ programmers, technical advisors and
supporters developing and enhancing a multi-platform relational database
management system based on the source code released by Inprise Corp (now
known as Borland Software Corp) on 25 July, 2000.
The Firebird database manager contains an Integer Overflow in the
processing of certain tags on the XDR protocol used for communication
with the server. This led the server to corrupt the process memory and
crash. Repeated attempts are followed by a crash of the process in
charge of restarting the database server. This may also grant attackers
remote execution of arbitrary code on servers running Firebird.
Heap-based overflow allows remote attackers to execute arbitrary
code by using crafted media files. This vulnerability is in the
manipulation of ID3 audio file data tagging mainly used in MP3 file
formats (CVE-2008-5246).
Integer overflow in the qt_error parse_trak_atom function in
demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote
attackers to execute arbitrary code via a Quicktime movie file with a
large count value in an STTS atom, which triggers a heap-based buffer
overflow (CVE-2009-1274)
VUPEN Security Research - Adobe Acrobat and Reader U3D Integer Overflow
Vulnerability
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Adobe Acrobat and Reader are the global standards for electronic document
Linux kernel before 2.6.22.17, when using certain drivers that register
a fault handler that does not perform range checks, allows local users
to access kernel memory via an out-of-range offset. (CVE-2008-0007)
Integer overflow in the hrtimer_start function in kernel/hrtimer.c
in the Linux kernel before 2.6.23.10 allows local users to execute
arbitrary code or cause a denial of service (panic) via a large
relative timeout value. NOTE: some of these details are obtained from
third party information. (CVE-2007-5966)
: Bugtraq ID: 28629 28632 28633
: CVE Name: CVE-2008-1035 CVE-2008-2006 CVE-2008-2007
: 1) Null pointer de-reference #1 (Bugtraq ID 28629, CVE-2008-2006)
:
: The 'COUNT' value causes an integer overflow, which leads to a null
: 2) Null pointer dereference #2 (Bugtraq ID 28632, CVE-2008-2006)
:
: The 'TRIGGER' value causes a null pointer dereference when iCal tries
ZDI-09-093: Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-093
December 9, 2009
-- CVE ID:
CVE-2009-3799
-- Affected Vendors:
Adobe
Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow
Vulnerabilities
iDefense Security Advisory 09.17.07
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 17, 2007
I. BACKGROUND
OpenOffice is an open-source desktop office suite for many of today's
------------------------------------------------------------------------
.NET Framework EncoderParameter integer overflow vulnerability
------------------------------------------------------------------------
Yorick Koster, September 2011
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
An integer overflow vulnerability has been discovered in the
EncoderParameter class of the .NET Framework. Exploiting this
- xine-lib before 1.1.15 allows remote attackers to cause a denial
of service (crash) via mp3 files with metadata consisting only of
separators (CVE-2008-5248)
- Integer overflow in the qt_error parse_trak_atom function in
demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote
attackers to execute arbitrary code via a Quicktime movie file with a
large count value in an STTS atom, which triggers a heap-based buffer
overflow (CVE-2009-1274)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Python: PCRE Integer overflow
Date: February 23, 2008
Bugs: #198373
ID: 200802-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://www.debian.org/security/ Steffen Joeris
May 10, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : pango1.0
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2009-1194
Debian Bugs : 527474
Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability
http://risesecurity.org/advisory/RISE-2007004/
Published: November 16, 2007
Updated: November 16, 2007
INTRODUCTION
with a long password delivered in the second request, the long password
will overflow a stack-based buffer used for the destination of the
password string, causing an exploitable condition.
Vulnerability #3: Authentication Password Integer Overflow
Another stack-based overflow exists within the authentication portion of
rxRPC.dll which is accessible via TCP/1900. A sample legitimate
authentication request with a useless password resembles the following:
1: 0000000030rxrLogin~~administrator~~18
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
Maurycy Prodeus found an integer overflow vulnerability in the way
various PDF viewers processed PDF files. An attacker could create
a malicious PDF file that could cause tetex to crash and possibly
execute arbitrary code upon a user opening the file.
In addition, tetex contains an embedded copy of the GD library which
Luca Carettoni discovered that the PHP Exif extension performs an
incorrect cast on 64bit platforms, which allows a remote attacker
to cause a denial of service (application crash) via an image with
a crafted Image File Directory (IFD). (CVE-2011-0708)
Jose Carlos Norte discovered that an integer overflow in the PHP
shmop extension could allow an attacker to cause a denial of service
(crash) and possibly read sensitive memory function. (CVE-2011-1092)
Felipe Pena discovered that a use-after-free vulnerability in the
substr_replace function allows an attacker to cause a denial of
http://www.debian.org/security/ Moritz Muehlenhoff
July 28, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libsndfile
Vulnerability : integer overflow
Problem type : local(remote)
Debian-specific: no
CVE ID : CVE-2011-2696
Hossein Lotfi discovered an integer overflow in libsndfile's code to
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Poppler is vulnerable to an integer overflow and a stack overflow.
Background
==========
Poppler is a cross-platform PDF rendering library originally based on
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2006-2662
Drew Yao discovered that multiple integer overflows in the string
processing code may lead to denial of service and potentially the
execution of arbitrary code.
CVE-2008-2663
RRULE:FREQ=DAILY;INTERVAL=1;COUNT=2147483646
- -----------/
The 'COUNT' value causes an integer overflow, which leads to a null
pointer dereference when iCal tries to use it after the .ics file is
imported.
The following Proof of Concept (PoC) file is provided to demonstrate
its feasibility, to trigger the bug import a .ics file with the
======================================================================
Secunia Research 28/04/2009
- HP OpenView Network Node Manager "ovalarmsrv" Integer Overflow -
======================================================================
Table of Contents
Affected Software
ZDI-11-264: Symantec Veritas Storage Foundation vxsvc.exe Value Unpacking Integer Overflow Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-264
August 16, 2011
-- CVE ID:
CVE-2011-0547
-- CVSS:
http://www.debian.org/security/ Moritz Muehlenhoff
February 15, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libpng
Vulnerability : integer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3026
Jueri Aedla discovered an integer overflow in the libpng PNG library,
ESX any ESX not affected
d. Update to Freetype
FreeType 2.3.6 resolves an integer overflow vulnerability and other
vulnerabilities that can allow malicious users to run arbitrary code
or might cause a denial-of-service after reading a maliciously
crafted file. This release updates FreeType to 2.3.7.
The Common Vulnerabilities and Exposures Project (cve.mitre.com)
VUPEN Security Research - Apple Safari WebKit Block Dimensions Handling
Integer Overflow
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Apple Safari is a web browser developed by Apple. As of February 2010,
=======
Summary
=======
Name: Apple Mac OS X ImageIO TIFF Integer Overflow
Release Date: 28 June 2011
Reference: NGS00057
Discoverer: Dominic Chell <dominic.chell@ngssecure.com>
Vendor: Apple
Vendor Reference: 142522746
Systems Affected: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6. This issue does not affect systems prior to Mac OS X v10.6