Computer Security
[EN] no-pyccku

Adobe Flash Player code execution
SecurityVulns ID:9689
Threat Level:
Description:Invalid processing of virtual functions.
Affected:ADOBE : Flash Player 9.0
CVE:CVE-2009-0520 (Adobe Flash Player 9.x before and 10.x before does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue.")
Original documentdocumentIDEFENSE, iDefense Security Advisory 02.24.09: Adobe Flash Player Invalid Object Reference Vulnerability (25.02.2009)

PyCrypto python module DoS
SecurityVulns ID:9690
Threat Level:
Description:DoS on ARC2 key processing
Affected:PYTHON : PyCrypto 2.0
CVE:CVE-2009-0544 (Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:050-1 ] python-pycrypto (25.02.2009)

libpng multiple security vulnerabilities
SecurityVulns ID:9691
Threat Level:
Description:Few vulnerabilities potentially allow code execution on PNG parsing.
Affected:libpng : libpng 1.2
 libpng : libpng 1.0
CVE:CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.)
 CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:051 ] libpng (25.02.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod