The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure. Date published : 2017-07-07 http://www.securityfocus.com/bid/99498 http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c. Date published : 2017-07-07 https://github.com/matthiaskramm/swftools/issues/26
When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c. Date published : 2017-07-07 https://github.com/matthiaskramm/swftools/issues/27
When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c. Date published : 2017-07-07 https://github.com/matthiaskramm/swftools/issues/31
When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c. Date published : 2017-07-07 https://github.com/matthiaskramm/swftools/issues/32
When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c. Date published : 2017-07-07 https://github.com/matthiaskramm/swftools/issues/24
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c. Date published : 2017-07-07 https://github.com/matthiaskramm/swftools/issues/25
The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. Date published : 2017-07-07 http://www.securityfocus.com/bid/99496 https://github.com/ImageMagick/ImageMagick/issues/538
Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document. Date published : 2017-07-07 http://www.securityfocus.com/bid/99499 https://www.foxitsoftware.com/support/security-bulletins.php
The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page. Date published : 2017-07-07 https://lorexxar.cn/2017/07/07/WordPress%20WP%20Statistics%20authenticated%20xss%20Vulnerability%28WP%20Statistics%20-=12.0.9%29/
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other...
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the...
In FineCMS through 2017-07-07, applicationcorecontrollertemplate.php allows remote PHP code execution by placing the code after "
An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free...