Lines 58-63
Link Here
|
58 |
|
58 |
|
59 |
--> |
59 |
--> |
60 |
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> |
60 |
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> |
|
|
61 |
<vuln vid="ca139c7f-2a8c-11e5-a4a5-002590263bf5"> |
62 |
<topic>libwmf -- multiple vulnerabilities</topic> |
63 |
<affects> |
64 |
<package> |
65 |
<name>libwmf</name> |
66 |
<range><lt>0.2.8.4_14</lt></range> |
67 |
</package> |
68 |
</affects> |
69 |
<description> |
70 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
71 |
<p>Mitre reports:</p> |
72 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0941"> |
73 |
<p>Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 |
74 |
and earlier may allow remote attackers to execute arbitrary code via |
75 |
malformed image files that trigger the overflows due to improper |
76 |
calls to the gdMalloc function, a different set of vulnerabilities |
77 |
than CVE-2004-0990.</p> |
78 |
</blockquote> |
79 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455"> |
80 |
<p>Buffer overflow in the gdImageStringFTEx function in gdft.c in GD |
81 |
Graphics Library 2.0.33 and earlier allows remote attackers to cause |
82 |
a denial of service (application crash) and possibly execute |
83 |
arbitrary code via a crafted string with a JIS encoded font.</p> |
84 |
</blockquote> |
85 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756"> |
86 |
<p>The gdPngReadData function in libgd 2.0.34 allows user-assisted |
87 |
attackers to cause a denial of service (CPU consumption) via a |
88 |
crafted PNG image with truncated data, which causes an infinite loop |
89 |
in the png_read_info function in libpng.</p> |
90 |
</blockquote> |
91 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472"> |
92 |
<p>Integer overflow in gdImageCreateTrueColor function in the GD |
93 |
Graphics Library (libgd) before 2.0.35 allows user-assisted remote |
94 |
attackers to have unspecified attack vectors and impact.</p> |
95 |
</blockquote> |
96 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473"> |
97 |
<p>The gdImageCreateXbm function in the GD Graphics Library (libgd) |
98 |
before 2.0.35 allows user-assisted remote attackers to cause a |
99 |
denial of service (crash) via unspecified vectors involving a |
100 |
gdImageCreate failure.</p> |
101 |
</blockquote> |
102 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477"> |
103 |
<p>The (a) imagearc and (b) imagefilledarc functions in GD Graphics |
104 |
Library (libgd) before 2.0.35 allow attackers to cause a denial of |
105 |
service (CPU consumption) via a large (1) start or (2) end angle |
106 |
degree value.</p> |
107 |
</blockquote> |
108 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546"> |
109 |
<p>The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before |
110 |
5.3.1, and the GD Graphics Library 2.x, does not properly verify a |
111 |
certain colorsTotal structure member, which might allow remote |
112 |
attackers to conduct buffer overflow or buffer over-read attacks via |
113 |
a crafted GD file, a different vulnerability than CVE-2009-3293. |
114 |
NOTE: some of these details are obtained from third party |
115 |
information.</p> |
116 |
</blockquote> |
117 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0848"> |
118 |
<p>Heap-based buffer overflow in libwmf 0.2.8.4 allows remote |
119 |
attackers to cause a denial of service (crash) or possibly execute |
120 |
arbitrary code via a crafted BMP image.</p> |
121 |
</blockquote> |
122 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4695"> |
123 |
<p>meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial |
124 |
of service (out-of-bounds read) via a crafted WMF file.</p> |
125 |
</blockquote> |
126 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4696"> |
127 |
<p>Use-after-free vulnerability in libwmf 0.2.8.4 allows remote |
128 |
attackers to cause a denial of service (crash) via a crafted WMF |
129 |
file to the (1) wmf2gd or (2) wmf2eps command.</p> |
130 |
</blockquote> |
131 |
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4588"> |
132 |
<p>Heap-based buffer overflow in the DecodeImage function in libwmf |
133 |
0.2.8.4 allows remote attackers to cause a denial of service (crash) |
134 |
or possibly execute arbitrary code via a crafted "run-length count" |
135 |
in an image in a WMF file.</p> |
136 |
</blockquote> |
137 |
</body> |
138 |
</description> |
139 |
<references> |
140 |
<bid>11663</bid> |
141 |
<bid>22289</bid> |
142 |
<bid>24089</bid> |
143 |
<bid>24651</bid> |
144 |
<bid>36712</bid> |
145 |
<cvename>CVE-2004-0941</cvename> |
146 |
<cvename>CVE-2007-0455</cvename> |
147 |
<cvename>CVE-2007-2756</cvename> |
148 |
<cvename>CVE-2007-3472</cvename> |
149 |
<cvename>CVE-2007-3473</cvename> |
150 |
<cvename>CVE-2007-3477</cvename> |
151 |
<cvename>CVE-2009-3546</cvename> |
152 |
<cvename>CVE-2015-0848</cvename> |
153 |
<cvename>CVE-2015-4695</cvename> |
154 |
<cvename>CVE-2015-4696</cvename> |
155 |
<cvename>CVE-2015-4588</cvename> |
156 |
</references> |
157 |
<dates> |
158 |
<discovery>2014-10-12</discovery> |
159 |
<entry>2015-07-15</entry> |
160 |
</dates> |
161 |
</vuln> |
162 |
|
61 |
<vuln vid="8d2d6bbd-2a02-11e5-a0af-bcaec565249c"> |
163 |
<vuln vid="8d2d6bbd-2a02-11e5-a0af-bcaec565249c"> |
62 |
<topic>Adobe Flash Player -- critical vulnerabilities</topic> |
164 |
<topic>Adobe Flash Player -- critical vulnerabilities</topic> |
63 |
<affects> |
165 |
<affects> |