NotCVE - vendor:"Opensuse" product:"Opensuse" version:"11.2"

Page 2 of 105 results (0.049 seconds)

CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 0

CVE-2015-2188 – wireshark: The WCP dissector could crash while decompressing data (wnpa-sec-2015-07)

https://notcve.org/view.php?id=CVE-2015-2188

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. epan/dissectors/packet-wcp.c en el disector WCP en Wireshark 1.10.x anterior a 1.10.13 y 1.12.x anterior a 1.12.4 no inicializa correctamente una estructura de datos, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de la aplicación) a través de un paquete manipulado que no se maneja correctamente durante la decompresión. • http://advisories.mageia.org/MGASA-2015-0117.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html http://www.debian.org/security/2015/dsa-3210 http://www.mandriva.com/security/advisories?name=MDVSA-2015:183 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/72942 http://www.securitytracker.com/id/1031858 http://www.wireshark.org/securit • CWE-19: Data Processing Errors CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0

CVE-2015-2190

https://notcve.org/view.php?id=CVE-2015-2190

epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. epan/proto.c en Wireshark 1.12.x anterior a 1.12.4 no maneja correctamente los tipos de datos de enteros mayores a 32 bits en tamaño, lo que permite a atacantes remotos causar una denegación de servicio (fallo de aserción y salida de la aplicación) a través de un paquete manipulado que no está correctamente manejado por el disector LLDP. • http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/72938 http://www.securitytracker.com/id/1031858 http://www.wireshark.org/security/wnpa-sec-2015-09.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10983 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=d1865e000ebedf49fc0d9f221a11d6af74360837 https://security.gentoo.org/glsa/201510-03 • CWE-19: Data Processing Errors •

CVSS: 6.8EPSS: 2%CPEs: 24EXPL: 1

CVE-2014-9666

https://notcve.org/view.php?id=CVE-2014-9666

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap. La función tt_sbit_decoder_init en sfnt/ttsbit.c en FreeType anterior a 2.5.4 proceda con una asociación de contar a tamaño (count-to-size) sin restringir el valor de la cuenta, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de enteros y lectura fuera de rango o posiblemente tener otro impacto a través de un bitmap embebido manipulado. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=167 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://www.debian.org/security/2015/dsa-3188 http • CWE-189: Numeric Errors •

CVSS: 6.8EPSS: 1%CPEs: 24EXPL: 1

CVE-2014-9669 – freetype: multiple integer overflows leading to buffer over-reads in cmap handling

https://notcve.org/view.php?id=CVE-2014-9669

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table. Múltiples desbordamientos de enteros en sfnt/ttcmap.c en FreeType anterior a 2.5.4 permiten a atacantes remotos causar una denegación de servicio (lectura fuera de rango o corrupción de memoria) o posiblemente tener otro impacto no especificado a través de una tabla SFNT cmap manipulada. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=163 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://rhn.redhat.com/errata/RHSA-2015-0696.html • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 2%CPEs: 24EXPL: 1

CVE-2014-9660 – freetype: missing ENDCHAR NULL pointer dereference in the _bdf_parse_glyphs()

https://notcve.org/view.php?id=CVE-2014-9660

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. La función _bdf_parse_glyphs en bdf/bdflib.c en FreeType anterior a 2.5.4 no maneja correctamente un registro ENDCHAR perdido, lo que permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) o posiblemente tener otro impacto no especificado a través de una fuente BDF manipulada. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=188 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346172a7b573715134f7a51e6c5c60fa7f2ab http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://rhn.redhat.com/errata/RHSA-2015-0696.html • CWE-476: NULL Pointer Dereference •

1 2 3 4 5