integer overflow
~ Core Security Technologies - CoreLabs Advisory
~ http://www.coresecurity.com/corelabs/
~ Borland Interbase 2007 Integer Overflow
*Advisory Information*
Title: Borland Interbase 2007 Integer Overflow
Unfortunately, their linker does not support LD_PRELOAD or
LD_LIBRARY_PATH, so nothing to play with there. Interestingly, they
still set LD_LIBRARY_PATH on system startup.
Integer overflows in *calloc
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
chk_calloc is vulnerable to integer overflows. dlcalloc() _is_
protected. It is controlled by
system_property_get("libc.debug.malloc"). Unfortunately, AFAICT debug
[ PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow ]
Author: Maksymilian Arciemowicz
http://securityreason.com/
http://cxib.net/
Date:
- Dis.: 11.11.2010
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier allow remote attackers to cause a denial of service (crash)
via a crafted PDF file (CVE-2009-0147).
The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers
to cause a denial of service (crash) via a crafted PDF file that
Multiple input validation flaws in the JBIG2 decoder allow
remote attackers to execute arbitrary code via a crafted PDF file
(CVE-2009-0800).
An integer overflow in the JBIG2 decoder allows remote attackers to
execute arbitrary code via a crafted PDF file (CVE-2009-1179).
A free of invalid data flaw in the JBIG2 decoder allows remote
attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).
Affected: 2009.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple integer overflows in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
other products allow remote attackers to cause a denial
of service (crash) via a crafted PDF file, related to (1)
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Multiple integer overflows in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
other products allow remote attackers to cause a denial
of service (crash) via a crafted PDF file, related to (1)
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
Name: Xpdf - Integer overflow which causes heap overflow and NULL pointer dereference
Author: Adam Zabrocki / HISPASEC (<pi3@itsec.pl> or <adam@hispasec.com>)
Date: July 06, 2009
Issue:
Xpdf allows local and remote attackers to overflow a buffer on the heap via an integer overflow vulnerability.
Xpdf is prone to a NULL pointer dereference attack.
[PHP 5.2.5 and prior : *printf() functions Integer Overflow ]
Author: Maksymilian Arciemowicz (cXIb8O3)
SecurityReason.com and SecurityReason.pl
Date:
- Written: 01.03.2008
- Public: 20.03.2008
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Luxology Modo 401 .LXO Integer Overflow
1. *Advisory Information*
--------------------
ssize_t
strfmon(char * restrict s, size_t maxsize, const char * restrict format,
...);
--- 1. /usr/src/lib/libc/stdlib/strfmon.c - Integer Overflow ---
The main problem and vulnerability exist in the strfmon() function. When we use this function in an example program:
---example-start--
#include <stdio.h>
#include <monetary.h>
CORRECTION:
===========
TPTI-10-07: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-10-07
August 11, 2010
==============
Should replace
==============
ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability
Details:
========
The libsvn_delta library does not contain sufficient input validation
of svndiff streams. If a stream with large windows is processed,
one of several integer overflows may lead to some boundary checks
incorrectly passing, which in turn can lead to a heap overflow.
Severity:
=========
Problem Description:
Multiple vulnerabilities have been found and corrected in xpdf:
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x
before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers
to execute arbitrary code via a crafted PDF document that triggers a
heap-based buffer overflow. NOTE: some of these details are obtained
from third party information. NOTE: this issue reportedly exists
because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).
The Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2009-1188 and CVE-2009-3603
Integer overflow in SplashBitmap::SplashBitmap which might allow remote
attackers to execute arbitrary code or an application crash via a crafted
PDF document.
CVE-2009-3604
Versions: <= 5.61
Platforms: Windows
Bugs: A] vp6 heap corruption
B] h263 heap corruption
C] nsvdec_vp5 frame heap overflow
D] nsvdec_vp6 frame integer overflow
E] nsvdec_vp3 frame heap overflow
F] in_mod heap corruption
Date: 27 Jun 2011
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
--------------------------------------------------------------------------------------
* Ghostscript library Ins_MINDEX() off by one, *
* integer overflow and heap corruption *
--------------------------------------------------------------------------------------
--[ Vulnerability Summary:
Date Published: 31/08/2010
Last Update: 31/08/2010
Name: Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow.
Author: Adam Zabrocki (<pi3@itsec.pl> or <zabrocki@cern.ch>)
Date: Jan 27, 2010
Issue:
Mod_proxy from apache 1.3.xx (tested on the latest version - 1.3.41) allows local and remote attackers
to overflow a buffer on the heap via an integer overflow vulnerability.
(2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or
(5) %20 (encoded space) character in the URI, possibly related to
the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new
functionality and the :DocumentRoot option. (CVE-2008-1891)
Multiple integer overflows in the rb_str_buf_append function in
Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before
1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2
allow context-dependent attackers to execute arbitrary code or
cause a denial of service via unknown vectors that trigger memory
corruption. (CVE-2008-2662)
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Multiple integer overflows in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
other products allow remote attackers to cause a denial
of service (crash) via a crafted PDF file, related to (1)
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
ZDI-08-004: Adobe Acrobat Javascript for PDF Integer Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-004.html
February 11, 2008
-- Affected Vendor:
Adobe
-- Affected Products:
Reader 8.1.1 and earlier versions
CVE-2008-1419
libvorbis does not properly handle a zero value which allows remote
attackers to cause a denial of service (crash or infinite loop) or
trigger an integer overflow.
CVE-2008-1420
Integer overflow in libvorbis allows remote attackers to execute
arbitrary code via a crafted OGG file, which triggers a heap overflow.
Buffer overflow in BibTeX 0.99 allows context-dependent attackers to
cause a denial of service (memory corruption and crash) via a long
.bib bibliography file (CVE-2009-1284).
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc
in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in
GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote
attackers to execute arbitrary code via a crafted PDF document that
triggers a heap-based buffer overflow (CVE-2009-3608).
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier, CUPS 1.3.9 and earlier, and other products allow
remote attackers to cause a denial of service (crash) via a
crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)
JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap
(CVE-2009-0146, CVE-2009-0147).
[TEXT VERSION]
GearSoftware Powered Products Local Privilege Escalation
+ GEARASpiWDM.sys Insecure Method
+ Microsoft Windows Kernel IopfCompleteRequest Integer Overflow
:: Summary
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
VNC Multiple Integer Overflows
1. *Advisory Information*
Title: VNC Multiple Integer Overflows