Monthly Archive: March 2017

tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of...

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22. Date...

LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via...

tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of...

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. Date published : 2017-03-24 http://www.securityfocus.com/bid/97117 http://www.debian.org/security/2017/dsa-3844

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. Date published : 2017-03-24 http://www.securityfocus.com/bid/97115 http://www.debian.org/security/2017/dsa-3844

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. Date published : 2017-03-24 http://www.securityfocus.com/bid/97692 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850716

Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Date published : 2017-03-24 http://www.securityfocus.com/bid/95744 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851380

Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. Date published : 2017-03-24 http://www.securityfocus.com/bid/95749 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851483

coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. Date published : 2017-03-24 http://www.securityfocus.com/bid/95750 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851485

Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments to lightweight functions. Date published :...

regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation. Date published : 2017-03-24 http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569 https://bugs.ghostscript.com/show_bug.cgi?id=697381

The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable. Date published : 2017-03-24 http://www.securityfocus.com/bid/95359 https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line. Date published : 2017-03-24...