iDefense Security Advisory 06.10.08 - Remote exploitation of an integer overflow vulnerability in the FreeType2 library, as included in various vendors' operating systems, could allow an attacker to execute arbitrary code with the privileges of the affected application. iDefense has confirmed the existence of this vulnerability in FreeType2 version 2.3.5. Previous versions may also be affected.
18935846eb0ff2f48ca7a704216e84691e9e214cb67b355c026afedfc4490df0iDefense Security Advisory 03.18.08 - Remote exploitation of a heap based buffer overflow vulnerability in CUPS, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the affected service. iDefense has confirmed the existence of this vulnerability in CUPS version 1.3.5. Previous versions may also be affected.
e4d46a9684678e8df75b6c25e33e27ad6c93aaad48aaa56e0bb3ec5a591a62b0iDefense Security Advisory 02.26.08 - Remote exploitation of a heap based buffer overflow vulnerability in Mozilla Organization's Thunderbird could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists when parsing the external-body MIME type in an electronic mail. When calculating the number of bytes to allocate for a heap buffer, sufficient space is not reserved for all of the data being copied into the buffer. This results in up to 3 bytes of the buffer being overflowed, potentially allowing for the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Thunderbird version 2.0.0.9 on Linux and Windows. Previous versions may also be affected.
6bcbbedf8e21d3aec4e7200bc10753035e4d6a719690b0eb2fb4f2d04030ead2iDefense Security Advisory 01.17.08 - Local exploitation of an invalid array index vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the X server, typically root. The vulnerability exists within the XFree86-Misc extension. When processing a request, a 32-bit value from the client's request is used as an index into an array of structures. This structure contains an array of function pointers, one of which is used later in the request handling. By supplying a large array index, an arbitrary function pointer can be dereferenced. This results in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in X.org X11 version R7.3. Previous versions may also be affected.
b1bca06565d2f165aedea3eb15eab5d2d20441857d50764b8dc053baf339d3f8iDefense Security Advisory 01.17.08 - Local exploitation of multiple integer overflow vulnerabilities in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the X server, typically root. One vulnerability exists within the EVI extension. When processing a request, the server uses a 32-bit value provided by the client in an arithmetic operation that calculates the number of bytes to allocate for a dynamic buffer. This operation can overflow, which later leads to a potentially exploitable heap overflow. Another vulnerability exists within the MIT-SHM extension. When allocating a pixmap, the server uses values from the request to verify that the requested size is not greater than the amount of allocated shared memory. The calculation can overflow, which leads to the overwriting of arbitrary addresses in memory that aren't part of the shared memory segment. iDefense has confirmed the existence of these vulnerabilities in X.Org X11 version R7.3. Previous versions may also be affected.
4771cffce18053e80e066e7475e194c4330b692f7bbb96e44000ac38b0c62d4fiDefense Security Advisory 01.17.08 - Local exploitation of an information disclosure vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to gain access to sensitive information stored in server memory. The vulnerable code exists within the TOG-CUP extension. A 32-bit client supplied value is taken directly from the request, and then used as an index into an array. The value located at this index is then stored into a buffer which is later sent to the client. This allows a client to read memory from arbitrary locations in server memory. iDefense has confirmed the existence of this vulnerability in X.Org X11 version R7.3. Previous versions may also be affected.
a830ea77fa2be6da734569efacfc8af0c88a9b2b7118beb38c4ab08de59b7be4iDefense Security Advisory 01.17.08 - Local exploitation of multiple memory corruption vulnerabilities in the X.Org X server, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the X server, typically root. Vulnerable code exists within multiple functions in the XInput extension. By sending specially crafted X11 requests, an attacker is able to corrupt heap memory located after their request data. This results in a potentially exploitable condition. Defense has confirmed the existence of these vulnerabilities in X.Org X11 version R7.3. Previous versions may also be affected.
4357bff2a486d2934d0def5af55ed1b0333abfe4897f136cdcb70115231ac4b8iDefense Security Advisory 09.19.07 - Remote exploitation of a sign extension vulnerability in ImageMagick, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
f15006e42c189c3db2bf727e6128cafe43dfd9f11ab3e04f180f7aaa700c2726iDefense Security Advisory 09.19.07 - Remote exploitation of multiple denial of service vulnerabilities in ImageMagick, as included in various vendors' operating system distributions, allows attackers to consume excessive CPU resources on the target system. The first vulnerability exists in the ReadDCMImage() function. Since the return value of ReadBlobByte() is not properly checked, it can enter an infinite loop. The second vulnerability exists in the ReadXCFImage() function. Since the return value of ReadBlobMSBLong() is not properly checked, it can enter an infinite loop. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
0a5c70db502c3a5cf0ea526562f6fa2b0f92c51300e22a74037a7ad48f2d63fciDefense Security Advisory 09.19.07 - Remote exploitation of an off-by-one vulnerability in ImageMagick, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
6e14652fd891c0ae053226ed97e3c1707acb9c431d9f1925d4a9ea997f01bbd4iDefense Security Advisory 09.19.07 - Remote exploitation of multiple integer overflow vulnerabilities in ImageMagick, as included in various vendors' operating system distributions, allows attackers to crash applications using the ImageMagick library, and in some cases, execute arbitrary code. Several integer overflow vulnerabilities have been identified in ImageMagick's handling of various file formats. By creating a specially crafted DCM, DIB, XBM, XCF, or XWD image file, an attacker can cause a heap buffer of insufficient size to be allocated. This results in a heap-based buffer overflow. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
5b1330bd7f39749529500cc92bdb0c3b934975d17ff694e3d5b0edf375532508iDefense Security Advisory 02.23.07 - Remote exploitation of an input validation error causing an integer underflow in version 3.10 of the Mozilla Foundation's Network Security Services (NSS) may allow an attacker to cause a stack-based buffer overflow and execute arbitrary code on the affected application. The vulnerability specifically exists in code responsible for handling the client master key. While negotiating an SSLv2 session, a client can specify invalid parameters which causes an integer underflow. The resulting value is used as the amount of memory to copy into a fixed size stack buffer. As a result, a potentially exploitable stack-based buffer overflow condition occurs. iDefense has confirmed this vulnerability exists in versions 3.10 and 3.11.3 of the Mozilla Network Security Services. These libraries are used in a variety of products from multiple vendors including Sun Microsystems, Red Hat and Mozilla. Previous versions are also likely to be affected. The names 'libnss3.so' on Linux based systems or 'nss3.dll' on Windows based systems may indicate the library is being used by an application.
dc4ab453dda77e026844208264a462cb957ca2492ea8e8a46e862bdaf9c7328fiDefense Security Advisory 02.23.07 - Remote exploitation of an input validation error causing an integer underflow in version 3.10 of the Mozilla Foundation's Network Security Services (NSS) may allow an attacker to execute arbitrary code in the context of the affected application. The vulnerability specifically exists due to a design error in the processing of malformed SSLv2 server messages. By sending a certificate with a public key too small to encrypt the "Master Secret", heap corruption can be triggered which may result in the execution of arbitrary code. iDefense has confirmed this vulnerability exists in versions 3.10 and 3.11.3 of Mozilla Network Security Services. These libraries are used in a variety of products from multiple vendors including Sun Microsystems, Red Hat and Mozilla. Previous versions are also likely to be affected. The names 'libnss3.so' on Linux based systems or 'nss3.dll' on Windows based systems may indicate the library is being used by an application.
7fb16bcdf325338a79fb7ce3dd350a70780cc885fbc2e518170ea257c01eb652
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed