An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region’s chunks" feature of the function gig::Region::UpdateChunks in gig.cpp. Date published : 2018-07-20 https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp. Date published : 2018-07-20 https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL pointer dereference via a crafted MP4 file because of improper interaction with libav. Date published : 2018-07-20 http://hac425.unaux.com/index.php/archives/66/ https://github.com/ponchio/untrunc/issues/131
trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read. Date published : 2018-07-20 http://hac425.unaux.com/index.php/archives/64/ https://github.com/martinh/libconfuse/issues/109
MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted MP4 file. Date published...
In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file. Date published : 2018-07-20 http://hac425.unaux.com/index.php/archives/62/ https://github.com/axiomatic-systems/Bento4/issues/289
libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18 in dwgutil.cpp, leading to an out-of-bounds read and application crash. Date published : 2018-07-20 http://hac425.unaux.com/index.php/archives/59/ https://github.com/codelibs/libdxfrw/issues/2
get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV). Date published : 2018-07-20 http://hac425.unaux.com/index.php/archives/53/ https://github.com/ArchimedesCAD/libredwg/issues/6
Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs. Date published : 2018-07-20 https://www.foxitsoftware.com/support/security-bulletins.php
IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. IBM X-Force ID: 138434. Date published : 2018-07-20 http://www.securityfocus.com/bid/104919 http://www.ibm.com/support/docview.wss?uid=ibm10717025
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user....
Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current...
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. Date published : 2018-07-20 http://www.securityfocus.com/bid/104702 https://helpx.adobe.com/security/products/experience-manager/apsb18-23.html
Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation. Date published : 2018-07-20 http://www.securityfocus.com/bid/104696 https://helpx.adobe.com/security/products/connect/apsb18-22.html