|
Lines 58-63
Link Here
|
| 58 |
|
58 |
|
| 59 |
--> |
59 |
--> |
| 60 |
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> |
60 |
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> |
|
|
61 |
<vuln vid="ca139c7f-2a8c-11e5-a4a5-002590263bf5"> |
| 62 |
<topic>libwmf -- multiple vulnerabilities</topic> |
| 63 |
<affects> |
| 64 |
<package> |
| 65 |
<name>libwmf</name> |
| 66 |
<range><lt>0.2.8.4_14</lt></range> |
| 67 |
</package> |
| 68 |
</affects> |
| 69 |
<description> |
| 70 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
| 71 |
<p>Mitre reports:</p> |
| 72 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0941"> |
| 73 |
<p>Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 |
| 74 |
and earlier may allow remote attackers to execute arbitrary code via |
| 75 |
malformed image files that trigger the overflows due to improper |
| 76 |
calls to the gdMalloc function, a different set of vulnerabilities |
| 77 |
than CVE-2004-0990.</p> |
| 78 |
</blockquote> |
| 79 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455"> |
| 80 |
<p>Buffer overflow in the gdImageStringFTEx function in gdft.c in GD |
| 81 |
Graphics Library 2.0.33 and earlier allows remote attackers to cause |
| 82 |
a denial of service (application crash) and possibly execute |
| 83 |
arbitrary code via a crafted string with a JIS encoded font.</p> |
| 84 |
</blockquote> |
| 85 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756"> |
| 86 |
<p>The gdPngReadData function in libgd 2.0.34 allows user-assisted |
| 87 |
attackers to cause a denial of service (CPU consumption) via a |
| 88 |
crafted PNG image with truncated data, which causes an infinite loop |
| 89 |
in the png_read_info function in libpng.</p> |
| 90 |
</blockquote> |
| 91 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472"> |
| 92 |
<p>Integer overflow in gdImageCreateTrueColor function in the GD |
| 93 |
Graphics Library (libgd) before 2.0.35 allows user-assisted remote |
| 94 |
attackers to have unspecified attack vectors and impact.</p> |
| 95 |
</blockquote> |
| 96 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473"> |
| 97 |
<p>The gdImageCreateXbm function in the GD Graphics Library (libgd) |
| 98 |
before 2.0.35 allows user-assisted remote attackers to cause a |
| 99 |
denial of service (crash) via unspecified vectors involving a |
| 100 |
gdImageCreate failure.</p> |
| 101 |
</blockquote> |
| 102 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477"> |
| 103 |
<p>The (a) imagearc and (b) imagefilledarc functions in GD Graphics |
| 104 |
Library (libgd) before 2.0.35 allow attackers to cause a denial of |
| 105 |
service (CPU consumption) via a large (1) start or (2) end angle |
| 106 |
degree value.</p> |
| 107 |
</blockquote> |
| 108 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546"> |
| 109 |
<p>The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before |
| 110 |
5.3.1, and the GD Graphics Library 2.x, does not properly verify a |
| 111 |
certain colorsTotal structure member, which might allow remote |
| 112 |
attackers to conduct buffer overflow or buffer over-read attacks via |
| 113 |
a crafted GD file, a different vulnerability than CVE-2009-3293. |
| 114 |
NOTE: some of these details are obtained from third party |
| 115 |
information.</p> |
| 116 |
</blockquote> |
| 117 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0848"> |
| 118 |
<p>Heap-based buffer overflow in libwmf 0.2.8.4 allows remote |
| 119 |
attackers to cause a denial of service (crash) or possibly execute |
| 120 |
arbitrary code via a crafted BMP image.</p> |
| 121 |
</blockquote> |
| 122 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4695"> |
| 123 |
<p>meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial |
| 124 |
of service (out-of-bounds read) via a crafted WMF file.</p> |
| 125 |
</blockquote> |
| 126 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4696"> |
| 127 |
<p>Use-after-free vulnerability in libwmf 0.2.8.4 allows remote |
| 128 |
attackers to cause a denial of service (crash) via a crafted WMF |
| 129 |
file to the (1) wmf2gd or (2) wmf2eps command.</p> |
| 130 |
</blockquote> |
| 131 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4588"> |
| 132 |
<p>Heap-based buffer overflow in the DecodeImage function in libwmf |
| 133 |
0.2.8.4 allows remote attackers to cause a denial of service (crash) |
| 134 |
or possibly execute arbitrary code via a crafted "run-length count" |
| 135 |
in an image in a WMF file.</p> |
| 136 |
</blockquote> |
| 137 |
</body> |
| 138 |
</description> |
| 139 |
<references> |
| 140 |
<bid>11663</bid> |
| 141 |
<bid>22289</bid> |
| 142 |
<bid>24089</bid> |
| 143 |
<bid>24651</bid> |
| 144 |
<bid>36712</bid> |
| 145 |
<cvename>CVE-2004-0941</cvename> |
| 146 |
<cvename>CVE-2007-0455</cvename> |
| 147 |
<cvename>CVE-2007-2756</cvename> |
| 148 |
<cvename>CVE-2007-3472</cvename> |
| 149 |
<cvename>CVE-2007-3473</cvename> |
| 150 |
<cvename>CVE-2007-3477</cvename> |
| 151 |
<cvename>CVE-2009-3546</cvename> |
| 152 |
<cvename>CVE-2015-0848</cvename> |
| 153 |
<cvename>CVE-2015-4695</cvename> |
| 154 |
<cvename>CVE-2015-4696</cvename> |
| 155 |
<cvename>CVE-2015-4588</cvename> |
| 156 |
</references> |
| 157 |
<dates> |
| 158 |
<discovery>2014-10-12</discovery> |
| 159 |
<entry>2015-07-15</entry> |
| 160 |
</dates> |
| 161 |
</vuln> |
| 162 |
|
| 61 |
<vuln vid="8d2d6bbd-2a02-11e5-a0af-bcaec565249c"> |
163 |
<vuln vid="8d2d6bbd-2a02-11e5-a0af-bcaec565249c"> |
| 62 |
<topic>Adobe Flash Player -- critical vulnerabilities</topic> |
164 |
<topic>Adobe Flash Player -- critical vulnerabilities</topic> |
| 63 |
<affects> |
165 |
<affects> |