heap corruption

[CORE-2009-1209] Google SketchUp 'lib3ds' 3DS Importer Memory Corruption

      Core Security Technologies - CoreLabs Advisory
           http://www.coresecurity.com/corelabs/

Google SketchUp 'lib3ds' 3DS Importer Memory Corruption



1. *Advisory Information*


Multiple vulnerabilities in Winamp 5.61

Application:  Winamp
              http://www.winamp.com
Versions:     <= 5.61
Platforms:    Windows
Bugs:         A] vp6 heap corruption
              B] h263 heap corruption
              C] nsvdec_vp5 frame heap overflow
              D] nsvdec_vp6 frame integer overflow
              E] nsvdec_vp3 frame heap overflow
              F] in_mod heap corruption

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module

The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
Series switches and Cisco 7600 Series routers is affected by the
following vulnerabilities:

  * Syslog Message Memory Corruption Denial of Service Vulnerability
  * Authentication Proxy Denial of Service Vulnerability
  * TACACS+ Authentication Bypass Vulnerability
  * Sun Remote Procedure Call (SunRPC) Inspection Denial of Service
    Vulnerabilities
  * Internet Locator Server (ILS) Inspection Denial of Service

CORE-2008-1010: VLC media player XSPF Memory Corruption

      Core Security Technologies - CoreLabs Advisory
           http://www.coresecurity.com/corelabs/

         VLC media player XSPF Memory Corruption


1. *Advisory Information*

Title: VLC media player XSPF Memory Corruption

[DCA-2011-0010] TOTVS Microsiga Protheus ERP - Memory Corruption

- 07/Apr/2011 -> Vendor releases a new version addressing the flaw.
- 12/Apr/2011 -> Advisory published.


[Bug Summary]
- Memory Corruption (likely code execution)

[Impact]
- Medium/High

[Affected Version]

[ MDVSA-2010:140 ] php

  * Rewrote var_export() to use smart_str rather than output buffering,
  prevents data disclosure if a fatal error occurs (CVE-2010-2531).
  * Fixed possible resource destruction issues in shm_put_var().
  * Fixed a possible information leak because of interruption of the
  XOR operator.
  * Fixed a possible memory corruption because of unexpected call-time
  pass by reference and following memory clobbering through callbacks.
  * Fixed a possible memory corruption in ArrayObject::uasort().
  * Fixed a possible memory corruption in parse_str().
  * Fixed a possible memory corruption in pack().
  * Fixed a possible memory corruption in substr_replace().

TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption

--------------------------------------------------------------------------------------
*           Ghostscript library Ins_MINDEX() off by one,                             *
*               integer overflow and heap corruption                                 *
--------------------------------------------------------------------------------------


--[ Vulnerability Summary:

Date Published: 31/08/2010
Last Update: 31/08/2010

[ GLSA 200907-06 ] Adobe Reader: User-assisted execution of arbitrary code

* Joly of VUPEN Security reported multiple heap-based buffer overflows
  in the JBIG2 filter (CVE-2009-0509, CVE-2009-0510, CVE-2009-0511,
  CVE-2009-0512, CVE-2009-0888, CVE-2009-0889).

* Arr1val reported that multiple methods in the JavaScript API might
  lead to memory corruption when called with crafted arguments
  (CVE-2009-1492, CVE-2009-1493).

* An anonymous researcher reported a stack-based buffer overflow
  related to U3D model files with a crafted extension block
  (CVE-2009-1855).

[ MDVSA-2010:027 ] kdelibs4

 
 The JavaScript garbage collector in WebKit in Apple Safari before
 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
 through 2.2.1 does not properly handle allocation failures, which
 allows remote attackers to execute arbitrary code or cause a denial
 of service (memory corruption and application crash) via a crafted
 HTML document that triggers write access to an offset of a NULL
 pointer. (CVE-2009-1687).
 
 WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit
 (aka Qt toolkit), and possibly other products does not properly handle

SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability

[Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability ]

Author: sp3x

Date:
- Written: 06.12.2007
- Public: 09.01.2008

[SECURITY] [DSA-1950-1] New webkit packages fix several vulnerabilities

Array index error in the insertItemBefore method in WebKit allows remote
attackers to execute arbitrary code via a document with a SVGPathList data
structure containing a negative index in the SVGTransformList, SVGStringList,
SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object,
which triggers memory corruption.


CVE-2009-1687

The JavaScript garbage collector in WebKit does not properly handle allocation

[ GLSA 200812-17 ] Ruby: Multiple vulnerabilities

Multiple vulnerabilities have been discovered in the Ruby interpreter
and its standard libraries. Drew Yao of Apple Product Security
discovered the following flaws:

* Arbitrary code execution or Denial of Service (memory corruption)
  in the rb_str_buf_append() function (CVE-2008-2662).

* Arbitrary code execution or Denial of Service (memory corruption)
  in the rb_ary_stor() function (CVE-2008-2663).


[CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities

CVE-2007-5327, occur due to insufficient bounds checking by 
multiple components. The second vulnerability, CVE-2007-5328, 
occurs due to privileged functions being available for use without 
proper authorization. The third set of vulnerabilities, 
CVE-2007-5329, CVE-2007-5330, CVE-2007-5331, and CVE-2007-5332, 
are due to a memory corruption occurring with the processing of 
RPC procedure arguments by multiple services. The vulnerabilities 
allow an attacker to cause a denial of service, or potentially to 
execute arbitrary code.

Note: Updated patches are available. The original patches did not 


Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)

[On-line version will be at http://www.postfix.org/CVE-2011-1720.html]

Summary
=======

The Postfix SMTP server has a memory corruption error when the Cyrus
SASL library is used with authentication mechanisms other than PLAIN
and LOGIN (the ANONYMOUS mechanism is unaffected but should not be
enabled for different reasons). See below for instructions to
determine what systems are affected.


n.runs-SA-2011.002 - Citrix XenApp / XenDesktop XML Service Heap Corruption

28-Jul-2011
___________________________________________________________________________
Vendor:         Citrix, http://www.citrix.com
Affected Products:      XenApp and XenDesktop
Affected Version:       See the Citrix security bulletin [2] for a list
Vulnerability:          Heap Corruption in Citrix XML Service
Risk:                   HIGH
___________________________________________________________________________

Vendor communication:


[ MDVSA-2009:330 ] kdelibs

 
 The JavaScript garbage collector in WebKit in Apple Safari before
 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
 through 2.2.1 does not properly handle allocation failures, which
 allows remote attackers to execute arbitrary code or cause a denial
 of service (memory corruption and application crash) via a crafted
 HTML document that triggers write access to an offset of a NULL
 pointer. (CVE-2009-1687)
 
 Use-after-free vulnerability in WebKit, as used in Apple Safari
 before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1

[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities

CVE-2009-1687

The JavaScript garbage collector in WebKit, as used in qt4-x11, does not
properly handle allocation failures, which allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted HTML document that triggers write
access to an offset of a NULL pointer.


CVE-2009-1690

CORE-2011-0106: Microsoft Publisher 2007 Pubconv.dll Memory Corruption

    Core Security Technologies - Corelabs Advisory
         http://corelabs.coresecurity.com/

    Microsoft Publisher 2007 Pubconv.dll Memory Corruption


1. *Advisory Information*

Title: Microsoft Publisher 2007 Pubconv.dll Memory Corruption

VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2

-------------------------------------------------------------------------

1. Summary

   Updated VMware Hosted products and patches for ESX and ESXi resolve
   two security issues. The first is a critical memory corruption
   vulnerability in virtual device hardware. The second is an updated
   bzip2 package for the Service Console.

2. Relevant releases


[ MDVSA-2008:142 ] - Updated ruby packages fix vulnerabilities

 Multiple integer overflows in the rb_str_buf_append function in
 Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before
 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2
 allow context-dependent attackers to execute arbitrary code or
 cause a denial of service via unknown vectors that trigger memory
 corruption, a different issue than CVE-2008-2663, CVE-2008-2664,
 and CVE-2008-2725. (CVE-2008-2662)
 
 Multiple integer overflows in the rb_ary_store function in Ruby
 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230,
 and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to

[ MDVSA-2008:141 ] - Updated ruby packages fix vulnerabilities

 Multiple integer overflows in the rb_str_buf_append function in
 Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before
 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2
 allow context-dependent attackers to execute arbitrary code or
 cause a denial of service via unknown vectors that trigger memory
 corruption. (CVE-2008-2662)
 
 Multiple integer overflows in the rb_ary_store function in Ruby
 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230,
 and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to
 execute arbitrary code or cause a denial of service via unknown

[ MDVSA-2008:140 ] - Updated ruby packages fix vulnerabilities

 Multiple integer overflows in the rb_str_buf_append function in
 Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before
 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2
 allow context-dependent attackers to execute arbitrary code or
 cause a denial of service via unknown vectors that trigger memory
 corruption. (CVE-2008-2662)
 
 Multiple integer overflows in the rb_ary_store function in Ruby
 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230,
 and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to
 execute arbitrary code or cause a denial of service via unknown

[ GLSA 200805-18 ] Mozilla products: Multiple vulnerabilities

The following vulnerabilities were reported in all mentioned Mozilla
products:

* Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and
  Paul Nickerson reported browser crashes related to JavaScript
  methods, possibly triggering memory corruption (CVE-2008-0412).

* Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,
  Philip Taylor, and tgirmann reported crashes in the JavaScript
  engine, possibly triggering memory corruption (CVE-2008-0413).


CORE-2010-0517 - Microsoft Office HtmlDlgHelper class memory corruption

        Core Security Technologies - CoreLabs Advisory
                   http://corelabs.coresecurity.com

  Microsoft Office HtmlDlgHelper class memory corruption


1. *Advisory Information*

Title: Microsoft Office HtmlDlgHelper class memory corruption
Advisory Id: CORE-2010-0517

[ MDVSA-2011:029 ] kernel

 Problem Description:

 A vulnerability was discovered and corrected in the Linux 2.6 kernel:
 The X.25 implementation does not properly parse facilities, which
 allows remote attackers to cause a denial of service (heap memory
 corruption and panic) or possibly have unspecified other impact via
 malformed data, a different vulnerability than CVE-2010-4164.
 (CVE-2010-3873)
 
 The bcm_connect function in the Broadcast Manager in the Controller
 Area Network (CAN) implementation in the Linux kernel creates a
 publicly accessible

[ MDVSA-2012:013 ] mozilla

 a proxy and reading the error messages (CVE-2011-3670).
 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla
 Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18
 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers
 to cause a denial of service (memory corruption and application crash)
 or possibly execute arbitrary code via unknown vectors (CVE-2012-0442).
 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla
 Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey
 before 2.7 allow remote attackers to cause a denial of service (memory

ZDI-08-049: Microsoft Windows Graphics Rendering Engine PICT Heap Corruption

ZDI-08-049: Microsoft Windows Graphics Rendering Engine PICT Heap Corruption
http://www.zerodayinitiative.com/advisories/ZDI-08-049
August 12, 2008

-- CVE ID:
CVE-2008-3021

-- Affected Vendors:
Microsoft

ZDI-08-045: Apple Safari StyleSheet ownerNode Heap Corruption Vulnerability

ZDI-08-045: Apple Safari StyleSheet ownerNode Heap Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-045
July 25, 2008

-- CVE ID:
CVE-2008-2317

-- Affected Vendors:
Apple

CA20091008-01: Security Notice for CA Anti-Virus Engine

CA's support is alerting customers to multiple security risks 
associated with CA Anti-Virus Engine.  Vulnerabilities exist in 
the arclib component that can allow a remote attacker to cause a 
denial of service, or to cause heap corruption and potentially 
further compromise a system.  CA has issued fixes to address the 
vulnerabilities.

The first vulnerability, CVE-2009-3587, is due to improper 
handling of a specially crafted RAR archive file by the CA 

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.