Computer Security
[EN] securityvulns.ru no-pyccku


Adobe Flash Player code execution
Published:25.02.2009
Source:
SecurityVulns ID:9689
Type:client
Threat Level:
9/10
Description:Invalid processing of virtual functions.
Affected:ADOBE : Flash Player 9.0
CVE:CVE-2009-0520 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue.")
Original documentdocumentIDEFENSE, iDefense Security Advisory 02.24.09: Adobe Flash Player Invalid Object Reference Vulnerability (25.02.2009)

PyCrypto python module DoS
Published:25.02.2009
Source:
SecurityVulns ID:9690
Type:library
Threat Level:
5/10
Description:DoS on ARC2 key processing
Affected:PYTHON : PyCrypto 2.0
CVE:CVE-2009-0544 (Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:050-1 ] python-pycrypto (25.02.2009)

libpng multiple security vulnerabilities
Published:25.02.2009
Source:
SecurityVulns ID:9691
Type:library
Threat Level:
6/10
Description:Few vulnerabilities potentially allow code execution on PNG parsing.
Affected:libpng : libpng 1.2
 libpng : libpng 1.0
CVE:CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.)
 CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:051 ] libpng (25.02.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod