heap overflow
Application: xine-lib
http://xinehq.de
Versions: <= 1.1.11
Platforms: Linux, *BSD, Solaris, Irix, MacOSX, Windows and others
Bugs: A] heap-overflow in demux_flv
B] heap-overflow in demux_qt
C] heap-overflow in demux_real
D] heap-overflow in demux_wc3movie
E] heap-overflow in ebml
F] heap-overflow in demux_film
Technical Details:
The vulnerabilities in the .FLAC format are due to improper handling of
metadata values read from malformed files. The file format is documented here:
http://flac.sourceforge.net/format.html.
Vulnerability #1: Metadata Block Size Heap Overflow
The first notable vulnerability is the Metadata Block Size Overflow
vulnerability. Editing any Metadata Block Size value to a large value
such as 0xFFFFFFFF may result in a heap based overflow in the decoding
software.
Whenever vulnerable software opens or processes a malformed FLAC file, it
http://www.winamp.com
Versions: <= 5.61
Platforms: Windows
Bugs: A] vp6 heap corruption
B] h263 heap corruption
C] nsvdec_vp5 frame heap overflow
D] nsvdec_vp6 frame integer overflow
E] nsvdec_vp3 frame heap overflow
F] in_mod heap corruption
Date: 27 Jun 2011
Author: Luigi Auriemma
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server
1. *Advisory Information*
Title: Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server
Application: Chance-i DiViS-Web DVR System ActiveX control
Versions Affected: 3,0,0,7
Vendor URL: http://www.chance-i.com/
Bug: Heap Overflow
Exploits: YES
Reported: 13.03.2009
Second Reported: 20.03.2009
Solution: NONE
Date of Public Advisory: 09.04.2009
Subversion clients and servers, versions 1.6.0 - 1.6.3 and all
versions < 1.5.7, are vulnerable to several heap overflow problems
which may lead to remote code execution. The official advisory
(mirrored at http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt)
follows:
Subversion clients and servers up to 1.6.3 (inclusive) have heap
overflow issues in the parsing of binary deltas.
Application: Foxit Remote Access Server (WAC Server)
http://www.foxitsoft.com/wac/server_intro.php
Versions: <= 2.0 Build 3503
Platforms: Windows
Bugs: A] telnet option heap overflow
B] SSH packet heap overflow
Exploitation: remote
Date: 16 Feb 2008
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
Application: Winamp
http://www.winamp.com
Versions: <= 5.61
Platforms: Windows
Bugs: A] in_midi Controller messages heap overflow
B] in_midi Note On messages heap overflow
C] in_midi MTrk heap overflow
Date: 27 Jun 2011
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
Cisco Security Advisory: Cisco Unified Communications Manager CTL
Provider Heap Overflow
Document ID: 100345
Advisory ID: cisco-sa-20080116-cucmctl
:. GOODFELLAS Security Research TEAM .:
:. http://goodfellas.shellcode.com.ar .:
ActiveX hpqutil!ListFiles hpqutil.dll - Remote heap overflow.
=============================================================
Internal ID: VULWAR200706041
introduction
------------
Code Audit Labs (http://www.vulnhunt.com) audited some popular
media players and discovered several vulnerabilities.
One heap overflow was discovered in MPlayer.
One heap overflow and one integer overflow were discovered in Media
Player Classic (MPC) and in other products based on MPC, such as MyMPC and
StormPlayer.
Some DoS conditions (100% CPU usage) were discovered in KMPlayer.
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Corel Paint Shop Pro Photo X2 FPX Heap Overflow
1. *Advisory Information*
Title: Corel Paint Shop Pro Photo X2 FPX Heap Overflow
Multiple heap-based buffer overflows in the cirrus_invalidate_region
function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and
possibly other products, might allow local users to execute arbitrary
code via unspecified vectors related to attempting to mark non-existent
regions as dirty, aka the bitblt heap overflow. (CVE-2007-1320)
Integer signedness error in the NE2000 emulator in QEMU 0.8.2,
as used in Xen and possibly other products, allows local users to
trigger a heap-based buffer overflow via certain register values
that bypass sanity checks, aka QEMU NE2000 receive integer signedness
2008/07/31 #2008-009 libxslt heap overflow
Description:
The libexslt library bundled with libxslt is affected by a heap-based buffer
overflow which can lead to arbitrary code execution.
The vulnerability is present in the rc4 encryption/decryption functions. An
arbitrary length string, passed as an argument in the XSL input, is
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Windows Movie Maker and Microsoft Producer IsValidWMToolsStream() Heap
Overflow
1. *Advisory Information*
Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow
iDefense Security Advisory 10.09.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 09, 2007
I. BACKGROUND
Microsoft Windows Mail and Outlook Express are the default mail and news
clients for Windows operating systems. More information can be found at
Application: ASG-Sentry
http://www.asg-sentry.com
Versions: <= 7.0.0
Platforms: Windows and Unix
Bugs: A] arbitrary files deleting
B] heap-overflow in FxAgent
C] termination of FxIAList
D] buffer-overflow in FxIAList
Exploitation: remote
Date: 10 Mar 2008
Author: Luigi Auriemma
Release mode: Coordinated release
*Vulnerability Information*
Class: Heap overflow, integer overflow
Remotely Exploitable: No
Locally Exploitable: No
Bugtraq ID: 28006, 28005
CVE Name: CVE-2008-0986, CVE-2008-0985, CVE-2006-5793, CVE-2007-2445,
CVE-2007-5267, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
XnView MBM Processing Heap Overflow
1. *Advisory Information*
Application: GenStat
http://www.vsni.co.uk/software/genstat/
Versions: <= 14.1.0.5943
Platforms: Windows
Bugs: A] array overflow with write2
B] heap overflow
Exploitation: file
Date: 01 Oct 2011
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
Windows Metafile AttemptWrite Heap Overflow
Release Date:
August 14, 2007
Date Reported:
March 27, 2007
Severity:
High (Code Execution)
VGX.DLL Compressed Content Heap Overflow Vulnerability
Release Date:
August 14, 2007
Date Reported:
October 24, 2006
Severity:
High (Code Execution)
========================================================================
Multiple Flash Authoring Heap Overflows - Malformed SWF Files
Vendor Website: http://www.adobe.com
Affected Versions:
Adobe Flash Professional CS3/Flash MX2004
Vendor Notified. July 2008
Public Disclosure. October 16th 2008
http://www.battlefront.com/products/dropteam/news.html
Versions: <= 1.3.3
Platforms: Windows, Linux and Mac
Bugs: A] format string through packet 0x01
B] buffer-overflow through packet 0x5c
C] heap-overflow through packet 0x18
D] various memory crash through packet 0x4b
E] account password sent to server
Exploitation: remote, versus server
Date: 05 Oct 2007
Author: Luigi Auriemma
BitDefender Online Scanner 8 Double Decode Heap Overflow
Release Date:
November 20, 2007
Date Reported:
October 24, 2007
Severity:
High (Remote Code Execution)
http://www.debian.org/security/ Florian Weimer
February 09, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : cvs
Vulnerability : heap overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0804
It was discovered that a malicious CVS server could cause a heap
because the vulnerabilities are not fixed with patch NNM_01195 and are
not mentioned on published advisories.
CVE identification code CVE-2009-0920 was assigned to the
unpatched/variant stack-based overflow related to CVE-2008-0067, and
CVE-2009-0921 was assigned for the two heap overflows. Bugtraq IDs
(BIDs) were assigned: 34134 for 'OvAcceptLang' parameter bug; and 34135
for the 'Accept-Language' HTTP header bug.
7.1. *Stack-based overflow (CVE-2009-0920)*
======================================================================
Secunia Research 08/04/2008
- Adobe Flash Player "Declare Function (V7)" Heap Overflow -
======================================================================
=======
Summary
=======
Name: Apple OSX / iPhone iOS ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow
Reference: NGS00062
Discoverer: Dominic Chell <dominic.chell@ngssecure.com>
Vendor: Apple
Vendor Reference: 145575681
Systems Affected: Apple OSX / iPhone iOS / Possibly others using LibTiff
Risk: High