Gentoo Linux Security Advisory 201412-11 - Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.
0d52bd946d4c830b5f1f480535296f513bafe2d3abc811d6666cbb6fb317a087Gentoo Linux Security Advisory 201412-8 - This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.
a863e2eb03f0ac1937834e096aa9a52158ef6e9eb8144f3d6df45b14d4002a27Gentoo Linux Security Advisory 201010-1 - Multiple vulnerabilities in libpng might lead to privilege escalation or a Denial of Service. Versions less than 1.4.3 are affected.
053ed2283e7bc0cc350641770fd5cf189d7743c4b37cb99243aa7582fe434950VMware Security Advisory - VMware Workstation and Player address a potential installer security issue and security issues in libpng. VMware ACE Management Server (AMS) for Windows updates Apache httpd.
c598de56110b9b1285f2b8e0d5afbeeb93abb4d32d2d9e62b9bdc9c16b71278bDebian Linux Security Advisory 2075-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.
092cd6fcae7be8a7336bf071b7e24a49ce0e54b973c54ce339cf692b2a748f70Ubuntu Security Notice 958-1 - Several flaws were discovered in the browser engine of Thunderbird. An integer overflow was discovered in how Thunderbird processed CSS values. An integer overflow was discovered in how Thunderbird interpreted the XUL element. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. Soroush Dalili discovered that Thunderbird did not properly handle script error output.
5419ae4fb245c6c535395ea9b94b38b179ed987669180fa8c3c08cbbe2746990Ubuntu Security Notice 930-5 - USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2. It was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
1bc694bb7364fe045af2c603420b4ce5c13f78d79389c7548df6bc16771c9714Ubuntu Security Notice 930-4 - USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
503b3e80fd666c5b552b19fdd7eca8d7aca2731d1cbcf9e0be54a272cdad137fUbuntu Security Notice 957-1 - Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Various integer overflows and other issues have also been addressed.
102cde32fa8d891e54788fea852e8b6a825b5afe8a3b7b8afa40b6db0cea7fcflibpng versions 1.4.2 and below denial of service exploit.
931618b16e3c9673a23c5b0e8ddfbea6cba73ec0d2a99d3d42b0cc17cb7cb77bDebian Linux Security Advisory 2072-1 - Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files.
d17b0e986dbcc1fbbef738ae5e58903f49fceb0dc5c82dae6a6e23be776a6dddMandriva Linux Security Advisory 2010-133 - Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
9dbcdb392f0269d231a9304f120b56317d9400add78640b2d61a8c8ee985f7fcUbuntu Security Notice 960-1 - It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service.
695c3fa01d385df30a9d7097d45ec9e589131d59ecd0ec3ed268993f351e471d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed