There is an integer overflow when allocating memory in the routine that handles loading PNG image files with the GD graphics library versions 2.0.28 and below. This later leads to heap data structures being overwritten. If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening image. Exploit to create a working PNG for this enclosed.
24283338134ab68e16c03983a163ba4627ec59ad549edd928b9c4c5688c6f6e6
There exists multiple integer overflows in routines that handle copying in user supplied data for the Linux Sbus PROM driver. They allow for a local denial of service attack and possible code execution.
d82e6c596490895e4fdf7268fb5bd8cee56764769900a142ebd3a32e518925b8
There exists an integer overflow in the Broadcom 5820 Cryptonet driver. A user supplied value is used to size a dynamic buffer, and this buffer is subsequently filled with user supplied data. This allows for a local denial of service attack with possible code execution.
e054cb5f6c00876a9b469f206a34496e8c5a8492521c2abdc71ff82951387141
The Linux kernel IEEE 1394 aka Firewire driver suffers from integer overflows that can result in a local denial of service and possible code execution. Both the 2.4 and 2.6 series are affected.
4871c28b4a1ceac9f9d68c77950e103399841d51e84d43d791e9156d8da2a03c