![]() When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. Later when the tool tries to populate this buffer, the overflow will occur which can lead to code execution under the context of the user running the tool.Īn exploitable heap-based buffer overflow exists in Iceni Argus. Due to a signedness issue, a buffer smaller than the requested size will be returned. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. This can lead to code execution under the context of the account running the tool.Īn exploitable heap-based buffer overflow exists in Iceni Argus. In most cases this will allow an aggressor to write outside the bounds of a stack buffer which is used to contain colors. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.Īn exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. This is fixed in 7.2.8.įormat string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument. Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. Patch information is provided when available. This information may include identifying information, values, definitions, and related links.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |