Gentoo Linux Security Advisory 201209-25 - Multiple vulnerabilities have been found in VMware Player, Server, and Workstation, allowing remote and local attackers to conduct several attacks, including privilege escalation, remote execution of arbitrary code, and a Denial of Service.
69658d66093686eada54ad82e7c69c212f082445ebab3cf082f1e1fbc3b98de1VMware Security Advisory - Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
cf33ed983d59f3fe21ba66fc27682e8a073a9ba1d0031e69d9302bd25acc6efdDebian Security Advisory 1542-1 - Peter Valchev (Google Security) discovered a series of integer overflow weaknesses in Cairo, a vector graphics rendering library used by many other applications. If an application uses cairo to render a maliciously-crafted PNG image, the vulnerability allows the execution of arbitrary code.
c165147976719e08c2a1e3ba70057d7131f5ffef25045b0151f64a692557a589Mandriva Linux Security Advisory - Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with the privileges of the user opening the file.
5c5afff8ec96d64964cd15612959b3282470a0bb00a9066eb6da05c426150e1bUbuntu Security Notice 550-3 - USN-550-1 fixed vulnerabilities in Cairo. A bug in font glyph rendering was uncovered as a result of the new memory allocation routines. In certain situations, fonts containing characters with no width or height would not render any more. This update fixes the problem. Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges.
fde98b6de45bea4444101246c3b1c8d2eb8c38bf2b3e9d872694441b7e4f72d9Gentoo Linux Security Advisory GLSA 200712-04 - Multiple integer overflows were reported, one of which Peter Valchev (Google Security) found to be leading to a heap-based buffer overflow in the cairo_image_surface_create_from_png() function that processes PNG images. Versions less than 1.4.12 are affected.
2cb7fca04ba943dd95a43c33f07cc3ad6dcecc421b8106a051f76518de162641Ubuntu Security Notice 550-1 - Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges.
8d3dcdef1feac2d1123b15e889bc4deba2b7a8eba999fb59ae42b1f89b89d79c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed