Computer Security
[EN] securityvulns.ru no-pyccku


FreeType2 library multiple security vulnerabilities
Published:10.06.2008
Source:
SecurityVulns ID:9072
Type:library
Threat Level:
7/10
Description:Multiple integer overflows, buffer overflows, memory corruptions.
Affected:FREETYPE : FreeType 2.3
CVE:CVE-2008-1808 (Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.)
 CVE-2008-1807 (FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.)
 CVE-2008-1806 (Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 06.10.08: Multiple Vendor FreeType2 Multiple Heap Overflow Vulnerabilities (10.06.2008)
 documentIDEFENSE, iDefense Security Advisory 06.10.08: Multiple Vendor FreeType2 PFB Memory Corruption Vulnerability (10.06.2008)
 documentIDEFENSE, iDefense Security Advisory 06.10.08: Multiple Vendor FreeType2 PFB Integer Overflow Vulnerability (10.06.2008)

Multiple SNMPv3 authentication implementations bypass
Published:10.06.2008
Source:
SecurityVulns ID:9069
Type:remote
Threat Level:
6/10
Description:User-supplied number of signature bytes are checked on signature validation.
Affected:CISCO : IOS 12.0
 CISCO : IOS 12.1
 CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS 12.4
 NETSNMP : Net-SNMP 5.2
 CISCO : IOS XR 3.2
 NETSNMP : Net-SNMP 5.3
 CISCO : IOS XR 3.4
 CISCO : CatOS 7.6
 CISCO : CatOS 8.5
 CISCO : IOS XR 3.3
 NETSNMP : Net-SNMP 5.4
 CISCO : CatOS 6.4
 CISCO : CatOS 8.6
 CISCO : NX-OS 4.0
CVE:CVE-2008-0960
Original documentdocumentCISCO, Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities (10.06.2008)
 documentCERT, US-CERT Technical Cyber Security Alert TA08-162A -- SNMPv3 Authentication Bypass Vulnerability (10.06.2008)
 documentAndrea Barisani, [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing (10.06.2008)

OpenOffice integer overflow
Published:10.06.2008
Source:
SecurityVulns ID:9071
Type:client
Threat Level:
6/10
Description:Buffer overflow in rtl_allocateMemory() on different file formats parsing.
Affected:OPENOFFICE : OpenOffice 2.4
CVE:CVE-2008-2152
Original documentdocumentIDEFENSE, iDefense Security Advisory 06.10.08: Multiple Vendor OpenOffice rtl_allocateMemory() Integer Overflow Vulnerability (10.06.2008)

Apple QuickTime buffer overflow
updated since 10.06.2008
Published:11.06.2008
Source:
SecurityVulns ID:9070
Type:client
Threat Level:
7/10
Description:Buffer overflow on PICT images, INDEO video parsing.
Affected:APPLE : QuickTime 7.4
CVE:CVE-2008-1585
 CVE-2008-1584
 CVE-2008-1581
Original documentdocumentCERT, US-CERT Technical Cyber Security Alert TA08-162C -- Apple Quicktime Updates for Multiple Vulnerabilities (11.06.2008)
 documentZDI, ZDI-08-037: Apple QuickTime Indeo Video Buffer Overflow Vulnerability (10.06.2008)
 documentSECUNIA, Secunia Research: Apple QuickTime PICT Image Parsing Buffer Overflow (10.06.2008)
 documentSECUNIA, Secunia Research: Apple QuickTime PICT Image Parsing Buffer Overflow (10.06.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod