Arbitrary Code

[ MDVSA-2010:087 ] poppler

 to cause a denial of service (crash) via a crafted PDF file that
 triggers a free of uninitialized memory (CVE-2009-0166).
 
 Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9,
 and probably other products, allows remote attackers to execute
 arbitrary code via a PDF file with crafted JBIG2 symbol dictionary
 segments (CVE-2009-0195).
 
 The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers
 to cause a denial of service (crash) via a crafted PDF file that
 triggers an out-of-bounds read (CVE-2009-0799).

[ MDVSA-2010:055 ] poppler

 An out-of-bounds reading flaw in the JBIG2 decoder allows remote
 attackers to cause a denial of service (crash) via a crafted PDF file
 (CVE-2009-0799).
 
 Multiple input validation flaws in the JBIG2 decoder allow
 remote attackers to execute arbitrary code via a crafted PDF file
 (CVE-2009-0800).
 
 An integer overflow in the JBIG2 decoder allows remote attackers to
 execute arbitrary code via a crafted PDF file (CVE-2009-1179).
 

[SECURITY] [DSA 1697-1] New iceape packages fix several vulnerabilities

CVE-2008-0016

   Justin Schuh, Tom Cross and Peter Williams discovered a buffer
   overflow in the parser for UTF-8 URLs, which may lead to the
   execution of arbitrary code. (MFSA 2008-37)

CVE-2008-0304

    It was discovered that a buffer overflow in MIME decoding can lead
    to the execution of arbitrary code. (MFSA 2008-26)

[ MDVSA-2011:175 ] poppler

 An out-of-bounds reading flaw in the JBIG2 decoder allows remote
 attackers to cause a denial of service (crash) via a crafted PDF file
 (CVE-2009-0799).
 
 Multiple input validation flaws in the JBIG2 decoder allow
 remote attackers to execute arbitrary code via a crafted PDF file
 (CVE-2009-0800).
 
 An integer overflow in the JBIG2 decoder allows remote attackers to
 execute arbitrary code via a crafted PDF file (CVE-2009-1179).
 

[ MDVSA-2009:282-1 ] cups

 JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
 and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
 
 Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
 earlier allows remote attackers to cause a denial of service (daemon
 crash) and possibly execute arbitrary code via a crafted TIFF image,
 which is not properly handled by the (1) _cupsImageReadTIFF function
 in the imagetops filter and (2) imagetoraster filter, leading to a
 heap-based buffer overflow. (CVE-2009-0163)
 
 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,

[ MDVSA-2009:283 ] cups

 JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
 and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
 
 Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
 earlier allows remote attackers to cause a denial of service (daemon
 crash) and possibly execute arbitrary code via a crafted TIFF image,
 which is not properly handled by the (1) _cupsImageReadTIFF function
 in the imagetops filter and (2) imagetoraster filter, leading to a
 heap-based buffer overflow. (CVE-2009-0163)
 
 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,

[ MDVSA-2009:282 ] cups

 JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
 and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
 
 Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
 earlier allows remote attackers to cause a denial of service (daemon
 crash) and possibly execute arbitrary code via a crafted TIFF image,
 which is not properly handled by the (1) _cupsImageReadTIFF function
 in the imagetops filter and (2) imagetoraster filter, leading to a
 heap-based buffer overflow. (CVE-2009-0163)
 
 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,

[USN-635-1] xine-lib vulnerabilities

Details follow:

Alin Rad Pop discovered an array index vulnerability in the SDP
parser. If a user or automated system were tricked into opening a
malicious RTSP stream, a remote attacker may be able to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-0073)

Luigi Auriemma discovered that xine-lib did not properly check
buffer sizes in the RTSP header-handling code. If xine-lib opened an
RTSP stream with crafted SDP attributes, a remote attacker may be

[SECURITY] [DSA 2064-1] New xulrunner packages fix several vulnerabilities

and Exposures project identifies the following problems:

CVE-2010-0183

    "wushi" discovered that incorrect pointer handling in the frame
    processing code could lead to the execution of arbitrary code.

CVE-2010-1196

    "Nils" discovered that an integer overflow in DOM node parsing could
    lead to the execution of arbitrary code.

[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities

following problems:

CVE-2009-0945

Array index error in the insertItemBefore method in WebKit, as used in qt4-x11,
allows remote attackers to execute arbitrary code.


CVE-2009-1687

The JavaScript garbage collector in WebKit, as used in qt4-x11 does not

[ MDVSA-2009:319 ] xine-lib

 Failure on manipulation of either MNG or Real or MOD files can lead
 remote attackers to cause a denial of service by using crafted files
 (CVE: CVE-2008-5233).
 
 Heap-based overflow allows remote attackers to execute arbitrary
 code by using Quicktime media files holding crafted metadata
 (CVE-2008-5234).
 
 Heap-based overflow allows remote attackers to execute arbitrary code
 by using either crafted Matroska or Real media files (CVE-2008-5236).
 

[SECURITY] [DSA-1950-1] New webkit packages fix several vulnerabilities

the following problems:

CVE-2009-0945

Array index error in the insertItemBefore method in WebKit, allows remote
attackers to execute arbitrary code via a document with a SVGPathList data
structure containing a negative index in the SVGTransformList, SVGStringList,
SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object,
which triggers memory corruption.



[USN-710-1] xine-lib vulnerabilities

Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-3231)

It was discovered that the MNG, MOD, and Real demuxers in xine-lib did not
correctly handle memory allocation failures. If a user or automated system were
tricked into opening a specially crafted MNG, MOD, or Real file, an attacker
could crash xine-lib or possibly execute arbitrary code with the privileges of
the user invoking the program. This issue only applied to Ubuntu 6.06 LTS, 7.10,
and 8.04 LTS. (CVE-2008-5233)

It was discovered that the QT demuxer in xine-lib did not correctly handle
an invalid metadata atom size, resulting in a heap-based buffer overflow. If a

[ MDVSA-2011:041 ] firefox

 users for requests that were initiated by a plugin and received a
 307 redirect to a page on a different web site. (CVE-2011-0059)
 
 Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird
 before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers
 to execute arbitrary code or cause a denial of service (application
 crash) via a crafted JPEG image. (CVE-2011-0061)
 
 The nsIScriptableUnescapeHTML.parseFragment method in the
 ParanoidFragmentSink protection mechanism in Mozilla Firefox before
 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey

[ MDVSA-2011:141 ] firefox

 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla
 Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0,
 and SeaMonkey before 2.4 allow remote attackers to cause a denial of
 service (memory corruption and application crash) or possibly execute
 arbitrary code via unknown vectors (CVE-2011-2995).
 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla
 Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow
 remote attackers to cause a denial of service (memory corruption and
 application crash) or possibly execute arbitrary code via unknown

[ MDVSA-2012:088 ] mozilla

 
 Heap-based buffer overflow in the utf16_to_isolatin1 function in
 Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,
 Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and
 SeaMonkey before 2.10 allows remote attackers to execute arbitrary
 code via vectors that trigger a character-set conversion failure
 (CVE-2012-1947)
 
 Use-after-free vulnerability in the nsFrameList::FirstChild function
 in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,
 Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and

[ MDVSA-2012:088-1 ] mozilla

 
 Heap-based buffer overflow in the utf16_to_isolatin1 function in
 Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,
 Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and
 SeaMonkey before 2.10 allows remote attackers to execute arbitrary
 code via vectors that trigger a character-set conversion failure
 (CVE-2012-1947)
 
 Use-after-free vulnerability in the nsFrameList::FirstChild function
 in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,
 Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and

Multiple vulnerabilities in SUPERAntiSpyware and Super Ad Blocker

.text:10001220                 push    eax
.text:10001221                 call    ZwQueryObject   ; query object name information
---

Arbitrary code execution is probably impossible, since an attacker
does not control content which will be written to the pointers under
user's control.

These drivers are only present after installation of the application -
after reboot they are not loaded. There is strong possibility that

[security bulletin] HPSBMA02516 SSRT090232 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local

Denial of Service (DoS), Execution of Arbitrary Code

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02067559
Version: 1


[security bulletin] HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux (ICE-LX) Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS), and Other Vulnerabilities

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01820968
Version: 1

HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux (ICE-LX) Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS), and Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-08-12
Last Updated: 2009-08-12

[security bulletin] HPSBMA02417 SSRT090031 rev.2 - HP Data Protector Express and HP Data Protector Express Single Server

Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01697543
Version: 2


[ MDVSA-2010:125 ] firefox

 certain calls to the focus method (CVE-2010-1125).
 
 Integer overflow in the nsGenericDOMDataNode::SetTextInternal function
 in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4,
 Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote
 attackers to execute arbitrary code via a DOM node with a long text
 value that triggers a heap-based buffer overflow (CVE-2010-1196).
 
 Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and
 SeaMonkey before 2.0.5, does not properly handle situations in which
 both Content-Disposition: attachment and Content-Type: multipart are

[ MDVSA-2010:096 ] tetex

 to cause a denial of service (crash) via a crafted PDF file that
 triggers a free of uninitialized memory (CVE-2009-0166).
 
 Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9,
 and probably other products, allows remote attackers to execute
 arbitrary code via a PDF file with crafted JBIG2 symbol dictionary
 segments (CVE-2009-0195).
 
 Buffer overflow in BibTeX 0.99 allows context-dependent attackers to
 cause a denial of service (memory corruption and crash) via a long
 .bib bibliography file (CVE-2009-1284).

[ MDVSA-2010:071 ] mozilla-thunderbird

 
 Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19
 process e-mail attachments with a parser that performs casts and
 line termination incorrectly, which allows remote attackers to
 cause a denial of service (application crash) or possibly execute
 arbitrary code via a crafted message, related to message indexing
 (CVE-2009-0689).
 
 Integer overflow in a base64 decoding function in Mozilla Firefox
 before 3.0.12 and Thunderbird allows remote attackers to cause a
 denial of service (memory corruption and application crash) or possibly

[SECURITY] [DSA 1903-1] New graphicsmagick packages fix several vulnerabilities

                 CVE-2008-6071 CVE-2008-6072 CVE-2008-6621 CVE-2009-1882
Debian Bugs    : 414370 417862 444266 491439 530946

Several vulnerabilities have been discovered in graphicsmagick, a
collection of image processing tools, which can lead to the execution
of arbitrary code, exposure of sensitive information or cause DoS.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-1667


[SECURITY] [DSA 1858-1] New imagemagick packages fix several vulnerabilities

                 CVE-2007-4987 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097
                 CVE-2009-1882
Debian Bug     : 418057 412945 444267 530838

Several vulnerabilities have been discovered in the imagemagick image
manipulation programs which can lead to the execution of arbitrary code,
exposure of sensitive information or cause DoS. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2007-1667
        

[SECURITY] [DSA 1819-1] New vlc packages fix several vulnerabilities

CVE-2008-1768

Drew Yao discovered that multiple integer overflows in the MP4 demuxer,
Real demuxer and Cinepak codec can lead to the execution of arbitrary  
code.                                                                  

CVE-2008-1769

Drew Yao discovered that the Cinepak codec is prone to a memory
corruption, which can be triggered by a crafted Cinepak file.  

[USN-757-1] Ghostscript vulnerabilities

Details follow:

It was discovered that Ghostscript contained a buffer underflow in its
CCITTFax decoding filter. If a user or automated system were tricked into
opening a crafted PDF file, an attacker could cause a denial of service or
execute arbitrary code with privileges of the user invoking the program.
(CVE-2007-6725)

It was discovered that Ghostscript contained a buffer overflow in the
BaseFont writer module. If a user or automated system were tricked into
opening a crafted Postscript file, an attacker could cause a denial of

[ MDVSA-2010:221 ] openoffice.org

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in
 OpenOffice.org:
 
 Integer overflow allows remote attackers to execute arbitrary code
 via a crafted XPM file that triggers a heap-based buffer overflow
 (CVE-2009-2949).
 
 Heap-based buffer overflow allows remote attackers to cause a denial
 of service (application crash) or possibly execute arbitrary code

[ MDVSA-2008:045 ] - Updated MPlayer packages fix a few vulnerabilities

 
 Problem Description:
 
 Heap-based buffer overflow in the rmff_dump_cont function in
 input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote
 attackers to execute arbitrary code via the SDP Abstract attribute,
 related to the rmff_dump_header function and related to disregarding
 the max field. Although originally a xine-lib issue, also affects
 MPlayer due to code similarity. (CVE-2008-0225)
 
 Multiple heap-based buffer overflows in the rmff_dump_cont function
