iDefense Security Advisory 11.30.06 - Remote exploitation of a heap overflow vulnerability in libgsf, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code. iDefense has confirmed the existence of this vulnerability in version 1.14.0 of the Gnome Structured File library. Any applications or libraries that utilize this library for OLE should be considered vulnerable.
5d4c56467eb778c75d08c305bfec51da69d2f5789a00f83e1d00ad34f3088755
libwmf version 0.2.8.4 has been found susceptible to an integer overflow in memory allocation that leads to a heap overflow.
bd8dadf074afb77c1e1dcaff5970a2d24b3b85d8a32148d37d67bb55551bbb06
iDEFENSE Security Advisory 12.05.05 - Local exploitation of a heap-based buffer overflow vulnerability in xpdf, as included by various vendors' software distributions, could allow attackers to cause a denial of service (DoS) condition, potentially resulting in arbitrary code execution. The vulnerability specifically exists due to insufficient input validation in the Predictor stream parsing code. iDefense has confirmed the existence of this vulnerability in xpdf 3.01. All earlier versions of xpdf are suspected vulnerable.
8bcb44661cdacec7ceadd97f0cc736bb5622e16f70ec4bc0b0b5a315146b9d5c
iDEFENSE Security Advisory 12.05.05 - Local exploitation of a heap-based buffer overflow vulnerability in xpdf, as included by multiple vendors' software distributions, could allow attackers to cause a denial of service (DoS) condition, potentially resulting in arbitrary code execution. The vulnerability specifically exists due to insufficient input validation in the DCT stream parsing code. The DCTStream::readProgressiveSOF function from xpdf/Stream.cc takes the value of numComps from user-controllable data from within the PDF file. The numComps value is used in a loop to copy data from the file into a pre-allocated buffer in the heap. iDefense has confirmed the existence of this vulnerability in xpdf 3.01. All earlier versions of xpdf are suspected vulnerable.
c6103f732bea5f0f3b3c1eccfb9724f0b4ae65ebb4bcbf19c83b3651216ae70d
iDEFENSE Security Advisory 12.05.05 - Local exploitation of a heap-based buffer overflow vulnerability in xpdf, as included in various vendors' operating system distributions, could allow attackers to cause a denial of service condition, potentially resulting in arbitrary code execution. The vulnerability specifically exists due to insufficient input validation in the DCT stream parsing code. The DCTStream::readProgressiveSOF function from xpdf/Stream.cc takes the value of numComps from user-controllable data from within the PDF file. The numComps value is used in a loop to copy data from the file into a pre-allocated buffer in the heap. iDefense has confirmed the existence of this vulnerability in xpdf 3.01. All earlier versions of xpdf are suspected vulnerable.
1f21cf2f6e75e6932a8bc024b1576bb7b23fa3741017033cc4d840230b9e6e54
iDEFENSE Security Advisory 12.05.05 - Local exploitation of a heap-based buffer overflow vulnerability in xpdf, as included by multiple vendors' software distributions, could allow attackers to cause a denial of service (DoS) condition, potentially resulting in arbitrary code execution. The vulnerability specifically exists due to insufficient input validation in the JPX Stream parsing code for decoding embedded JPEG 2000 images. iDefense has confirmed the existence of this vulnerability in xpdf 3.01. All earlier versions of xpdf are suspected vulnerable.
461e2c30244cb0b905fd84506412e0b22210fbc6a3c74965d22b1ee24d1e7f5f
iDEFENSE Security Advisory 11.15.05 - Remote exploitation of a heap overflow vulnerability in various vendors' implementations of the GTK+ gdk-pixbuf XPM image rendering library could allow for arbitrary code execution. iDEFENSE has confirmed the existence of this vulnerability in gtk+ 2.4.0 compiled from source. It is suspected that previous versions are also affected by this vulnerability.
9a1e17f88fa6218b97ce0ae4ed138dc184c63e9e937e052785cc119ca6a574ca
iDEFENSE Security Advisory 10.04.05-2 - Remote exploitation of a buffer overflow vulnerability in Symantec AntiVirus Scan Engine can allow remote attackers to execute arbitrary code. iDEFENSE Labs has confirmed the existence of this vulnerability in Symantec AntiVirus Scan Engine 4.0. The vendor has confirmed that the vulnerability also affects products utilizing Symantec AntiVirus Scan Engine 4.3; however, Scan Engine 4.1 is not affected.
108341654e1a935e4d2076d655403559fe000d75561a5a6e6110ae15c2361826
iDEFENSE Security Advisory 10.04.05-1 - Remote exploitation of a buffer overflow vulnerability in the University of Washington's IMAP Server (UW-IMAP) allows attackers to execute arbitrary code. iDEFENSE has confirmed the existence of this vulnerability in Washington University imap-2004c1.
7d725edae7244a458754d80ce51bdd887cb05f856c6affc066bdd5364905672b
iDEFENSE Security Advisory 05.25.05-4 - Remote exploitation of a format string vulnerability in the imap4d server within version 0.6 of the GNU Project's Mailutils package could allow an unauthenticated attacker to execute arbitrary code. iDEFENSE Labs has verified the existence of this vulnerability in versions 0.5 and 0.6 of the GNU Mailutils package. It is suspected that any previous versions which contain the imap4d server are also affected.
4cf6b51e3b3de7821c70ccf23e85db00e625d0bb564cf87adce27d31b50b5a98
iDEFENSE Security Advisory 05.25.05-3 - Remote exploitation of an input validation error in the FETCH command of the imap4d server from the GNU Project's Mailutils package may allow an authenticated remote attacker to perform a denial of service against an affected system. iDEFENSE Labs has verified the existence of this vulnerability in versions 0.5 and 0.6 of the GNU Mailutils package. It is suspected that any previous versions which contain the imap4d server are also affected.
4c5aa30186c7162b02ebf906f88e2e4cd4f93d8df4ce8ddb3d8efc62e4187276
iDEFENSE Security Advisory 05.25.05-2 - Remote exploitation of an integer overflow error in the fetch_io function of the imap4d server from the GNU Project's Mailutils package may allow an authenticated remote attacker to execute arbitrary code. iDEFENSE Labs has verified the existence of this vulnerability in versions 0.5 and 0.6 of the GNU Mailutils package. It is suspected that any previous versions which contain the imap4d server are also affected.
7fb4d239272860005e990f7075e20c3f020b270fdedb6c8daade3f143553ad88
iDEFENSE Security Advisory 05.25.05-1 - Exploitation of a buffer overflow vulnerability in the mail binary of the GNU Project's Mailutils package may allow a remote attacker to execute commands with the privileges of the targeted user. iDEFENSE Labs has verified the existence of this vulnerability in versions 0.5 and 0.6 of the GNU Mailutils package. It is suspected that any previous versions may also be affected.
1ceee07eb37061ac9fd8bec29cf4094c916eb57a1044ae25e6c4c819f1873008
Remote root exploit for the preparse_address_1() heap buffer overflow in Smail versions 3.20.120 and below.
03fa4cf4484ee5197112b1be3896401a73baeca9c53af9ffcfb129454017221e
Smail versions 3.20.120 and below are susceptible to a remote root heap buffer overflow vulnerability and local signal handling vulnerabilities as well. Patch included.
687ed526cf062478c0cf3875a41bfd3238dd39ac7abefb34d516fac6450a322a
iDEFENSE Security Advisory 02.21.05 - Remote exploitation of a stack-based buffer overflow in various Unix / Linux vendors' implementations of cURL could allow for arbitrary code execution on the targeted host. An exploitable stack-based buffer overflow condition exists when using Kerberos authentication.
a50d1b9c40577ef0879856693b164ebd622ca9837cccf42b229ed787f877b279
iDEFENSE Security Advisory 02.21.05 - Remote exploitation of a stack-based buffer overflow in various Unix / Linux vendors' implementations of cURL could allow for arbitrary code execution on the targeted host. An exploitable stack-based buffer overflow condition exists when using NT Lan Manager (NTLM) authentication.
747bd27de063e14c01ea3bbdf599000f8a09b4f4b02690d729244fdbd998fe3e
iDEFENSE Security Advisory 12.21.2004-5 - Remote exploitation of an integer overflow in libtiff may allow for the execution of arbitrary code. The overflow occurs in the parsing of TIFF files set with the STRIPOFFSETS flag in libtiff/tif_dirread.c.
8a8254c9fc0b1a9b393e44e322fac00ab2ce5872586a7de59b5126de5d2f2431
iDEFENSE Security Advisory 12.21.2004-4 - Remote exploitation of a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code.
29d38151960c7c164835aed41fe8fc1b9de34bb6dce44ac108c2d43e583658a1
iDEFENSE Security Advisory 12.13.2004 - Remote exploitation of an integer overflow vulnerability in various vendors' implementations of the read_prf_file method in the xzgv program could allow for arbitrary code execution.
5393676d2ee5c00ab36a17babbea1215962c2e1c88dc9a22161fdebf79ec7187
zgv uses malloc() frequently to allocate memory for storing image data. When calculating how much to allocate, user-supplied data from image headers is multiplied and/or added without any checks for arithmetic overflows. There are a total of 11 overflows that are exploitable to execute arbitrary code.
384321769122fcd48526d6ca52ea357c6591e42351db86b1769e1b9d247e3dd5
Remote root exploit for a heap buffer overflow in wvftp-0.9.
9593f0c5fd5fd0c44d00731d177d4bc57c6937f84780bfbf1801854b65e8faf1
The GNU tftp client in inetutils-1.4.2 is susceptible to buffer overflow attacks. Because untrusted data from a DNS-resolved hostname is copied into finite static buffers without any bounds checking, several buffers in the .bss can be overflowed. Arbitrary code execution is possible.
5eb3d155894c1cfde68846c89bedeb4204bb3d8d2f781339cec732d062d962a0
Improper verification of header fields lets an attacker make the pppd server from ppp-241 access memory it isn't allowed to, resulting in a crash of the server. There is no possibility of code execution, as there is no data being copied, just a pointer dereferenced.
574ce2da45902592be233f5fc4f8dac25e1f63f317486c8767787082f1cd1486
Local exploit tested against libxml2-2.6.12 and libxml2-2.6.13 that makes use of remotely exploitable buffer overflows in libxml.
df45b66cae305c03efbb5a88fba4a7f4c1d037611a3521f385486026caaff373