Next Page >>
context/dependent
Multiple vulnerabilities has been identified and fixed in php:
The _zip_name_locate function in zip_name_locate.c in the Zip extension
in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED
argument, which might allow context-dependent attackers to cause
a denial of service (application crash) via an empty ZIP archive
that is processed with a (1) locateName or (2) statName operation
(CVE-2011-0421).
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms
Multiple vulnerabilities has been identified and fixed in php:
The _zip_name_locate function in zip_name_locate.c in the Zip extension
in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED
argument, which might allow context-dependent attackers to cause
a denial of service (application crash) via an empty ZIP archive
that is processed with a (1) locateName or (2) statName operation
(CVE-2011-0421).
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms
Problem Description:
Multiple vulnerabilities has been identified and fixed in php:
Use-after-free vulnerability in the substr_replace function in PHP
5.3.6 and earlier allows context-dependent attackers to cause a
denial of service (memory corruption) or possibly have unspecified
other impact by using the same variable for multiple arguments
(CVE-2011-1148).
The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions
but does not require a minimum for its length, which allows attackers
to spoof HMAC-based signatures and bypass authentication by specifying
a truncation length with a small number of bits (CVE-2009-0217).
The Java Web Start framework does not properly check all application
jar files trust and this allows context-dependent attackers to
execute arbitrary code via a crafted application, related to NetX
(CVE-2009-1896).
Some variables and data structures without the final
keyword definition allows context-depend attackers to
patterns in the :NondisclosureName option. (CVE-2008-1145)
Multiple integer overflows in the rb_str_buf_append function in
Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before
1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2
allow context-dependent attackers to execute arbitrary code or
cause a denial of service via unknown vectors that trigger memory
corruption, a different issue than CVE-2008-2663, CVE-2008-2664,
and CVE-2008-2725. (CVE-2008-2662)
Multiple integer overflows in the rb_ary_store function in Ruby
functionality and the :DocumentRoot option. (CVE-2008-1891)
Multiple integer overflows in the rb_str_buf_append function in
Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before
1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2
allow context-dependent attackers to execute arbitrary code or
cause a denial of service via unknown vectors that trigger memory
corruption. (CVE-2008-2662)
Multiple integer overflows in the rb_ary_store function in Ruby
1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230,
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability in PHP allowed context-dependent attackers to cause
a denial of service (crash) via a certain long string in the glob()
or fnmatch() functions (CVE-2007-4782).
A vulnerability in the cURL library in PHP allowed context-dependent
attackers to bypass safe_mode and open_basedir restrictions and read
functionality and the :DocumentRoot option. (CVE-2008-1891)
Multiple integer overflows in the rb_str_buf_append function in
Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before
1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2
allow context-dependent attackers to execute arbitrary code or
cause a denial of service via unknown vectors that trigger memory
corruption. (CVE-2008-2662)
Multiple integer overflows in the rb_ary_store function in Ruby
1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230,
Affected: 2008.0
_______________________________________________________________________
Problem Description:
A vulnerability in PHP allowed context-dependent attackers to cause
a denial of service (crash) via a certain long string in the glob()
or fnmatch() functions (CVE-2007-4782).
A vulnerability in the cURL library in PHP allowed context-dependent
attackers to bypass safe_mode and open_basedir restrictions and read
Problem Description:
Multiple vulnerabilities was discovered and corrected in php:
The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent
attackers to cause a denial of service (file truncation) via a key with
the NULL byte. NOTE: this might only be a vulnerability in limited
circumstances in which the attacker can modify or add database entries
but does not have permissions to truncate the file (CVE-2008-7068).
Certain chunk handlers allow attackers to cause a denial of service
(crash) via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG
images, which trigger out-of-bounds read operations. (CVE-2007-5269)
libpng allows context-dependent attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a PNG file with zero
length "unknown" chunks, which trigger an access of uninitialized
memory. (CVE-2008-1382)
The png_check_keyword might allow context-dependent attackers to set the
Multiple security vulnerabilities has been identified and fixed
in netpbm:
Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).
Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
Problem Description:
Multiple vulnerabilities has been found and corrected in OpenEXR:
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1
allow context-dependent attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via unspecified
vectors that trigger heap-based buffer overflows, related to (1)
the Imf::PreviewImage::PreviewImage function and (2) compressor
constructors. NOTE: some of these details are obtained from third
party information (CVE-2009-1720).
Problem Description:
Multiple vulnerabilities has been found and corrected in OpenEXR:
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1
allow context-dependent attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via unspecified
vectors that trigger heap-based buffer overflows, related to (1)
the Imf::PreviewImage::PreviewImage function and (2) compressor
constructors. NOTE: some of these details are obtained from third
party information (CVE-2009-1720).
directory during execution of a (1) setuid or (2) setgid program that
has in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because
of an incorrect fix for CVE-2010-3847 (CVE-2011-0536).
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC
(EGLIBC) allow context-dependent attackers to execute arbitrary code
or cause a denial of service (memory consumption) via a long UTF8
string that is used in an fnmatch call, aka a stack extension attack,
a related issue to CVE-2010-2898, as originally reported for use of
this library by Google Chrome (CVE-2011-1071).
function or in the ReadXCFImage function. It only affects the oldstable
distribution (etch).
CVE-2007-4986
Multiple integer overflows allow context-dependent attackers to execute
arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file,
which triggers a heap-based buffer overflow. It only affects the
oldstable distribution (etch).
CVE-2007-4987
Problem Description:
A number of vulnerabilities have been found and corrected in PHP:
PHP 5.2.1 would allow context-dependent attackers to read portions
of heap memory by executing certain scripts with a serialized data
input string beginning with 'S:', which did not properly track the
number of input bytes being processed (CVE-2007-1649).
A vulnerability in the chunk_split() function in PHP prior to 5.2.4
_______________________________________________________________________
Problem Description:
Multiple integer overflows in imageop.c in the imageop module in
Python 1.5.2 through 2.5.1 allow context-dependent attackers to
break out of the Python VM and execute arbitrary code via large
integer values in certain arguments to the crop function, leading to
a buffer overflow, a different vulnerability than CVE-2007-4965 and
CVE-2008-1679. (CVE-2008-4864)
Problem Description:
Multiple vulnerabilities were discovered and corrected in poppler:
The Gfx::getPos function in the PDF parser in poppler, allows
context-dependent attackers to cause a denial of service (crash)
via unknown vectors that trigger an uninitialized pointer dereference
(CVE-2010-3702).
The PostScriptFunction::PostScriptFunction function in
poppler/Function.cc in the PDF parser in poppler, allows
_______________________________________________________________________
Problem Description:
A buffer overflow in the imageloadfont() function in PHP allowed
context-dependent attackers to cause a denial of service (crash)
and potentially execute arbitrary code via a crafted font file
(CVE-2008-3658).
A buffer overflow in the memnstr() function allowed context-dependent
attackers to cause a denial of service (crash) and potentially execute
Problem Description:
Some vulnerabilities were discovered and corrected in php-5.2.11:
The tempnam function in ext/standard/file.c in PHP 5.2.11 and
earlier, and 5.3.x before 5.3.1, allows context-dependent attackers
to bypass safe_mode restrictions, and create files in group-writable
or world-writable directories, via the dir and prefix arguments
(CVE-2009-3557).
The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and
Heap-based overflow in Ghostscript's JBIG2 decoding library allows
attackers to cause denial of service and possibly to execute arbitrary
code by using a crafted PDF file (CVE-2009-0196).
Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).
Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
Problem Description:
Multiple vulnerabilities has been found and corrected in OpenEXR:
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1
allow context-dependent attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via unspecified
vectors that trigger heap-based buffer overflows, related to (1)
the Imf::PreviewImage::PreviewImage function and (2) compressor
constructors. NOTE: some of these details are obtained from third
party information (CVE-2009-1720).
Problem Description:
Multiple vulnerabilities were discovered and corrected in poppler:
The Gfx::getPos function in the PDF parser in poppler, allows
context-dependent attackers to cause a denial of service (crash)
via unknown vectors that trigger an uninitialized pointer dereference
(CVE-2010-3702).
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser
in poppler, allows context-dependent attackers to cause a denial
logrotate 3.7.9 and earlier allows local users to read log data
by opening a file before the intended permissions are in place
(CVE-2011-1098).
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier
might allow context-dependent attackers to execute arbitrary commands
via shell metacharacters in a log filename, as demonstrated by a
filename that is automatically constructed on the basis of a hostname
or virtual machine name (CVE-2011-1154).
The writeState function in logrotate.c in logrotate 3.7.9 and earlier
Problem Description:
Multiple vulnerabilities were discovered and corrected in xpdf:
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5,
allows context-dependent attackers to cause a denial of service (crash)
via unknown vectors that trigger an uninitialized pointer dereference
(CVE-2010-3702).
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser
in xpdf before 3.02pl5, allows context-dependent attackers to cause a
Multiple vulnerabilities was discovered and fixed in glibc:
Multiple integer overflows in the strfmon implementation in
the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow
context-dependent attackers to cause a denial of service (memory
consumption or application crash) via a crafted format string, as
demonstrated by a crafted first argument to the money_format function
in PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).
Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c
Problem Description:
Multiple vulnerabilities has been found and corrected in libxml:
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26,
2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent
attackers to cause a denial of service (application crash) via a
large depth of element declarations in a DTD, related to a function
recursion, as demonstrated by the Codenomicon XML fuzzing framework
(CVE-2009-2414).
attackers to cause a denial of service (crash) and possibly corrupt
the heap via malformed image files, as originally demonstrated using
imagemagick convert (CVE-2007-2721).
Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).
The jas_stream_tmpfile function in libjasper/base/jas_stream.c in
JasPer 1.900.1 allows local users to overwrite arbitrary files via
HTML-embedded scripting language. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2007-3806
The glob function allows context-dependent attackers to cause
a denial of service and possibly execute arbitrary code via
an invalid value of the flags parameter.
CVE-2008-1384
Next Page>>
|
