CVE-2008-2371
https://notcve.org/view.php?id=CVE-2008-2371
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches. Desbordamiento de búfer basado en montículo en pcre_compile.c en la biblioteca Perl-Compatible Regular Expression (PCRE) 7.7, permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) o la posibilidad de ejecutar código de su elección a través de expresiones regulares que comienzan con un opción y contienen múltiples ramas. • http://bugs.gentoo.org/show_bug.cgi?id=228091 http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://secunia.com/advisories/30916& • CWE-787: Out-of-bounds Write •
CVE-2008-2009 – vorbis: insufficient validation of Huffman tree causing memory corruption in _make_decode_tree()
https://notcve.org/view.php?id=CVE-2008-2009
Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function. Xiph.org libvorbis versiones anteriores a 1.0 no comprueba apropiadamente para árboles poco poblados Huffman, lo cual permite a atacantes remotos provocar una denegación de servicio (caída) a través de ficheros OGG manipulados que disparan una corrupción de memoria durante la ejecución de la función _make_decode_tree. • http://secunia.com/advisories/30247 http://www.redhat.com/support/errata/RHSA-2008-0271.html http://www.securitytracker.com/id?1020029 http://www.ubuntu.com/usn/USN-861-1 http://www.vupen.com/english/advisories/2008/1510/references https://bugzilla.redhat.com/show_bug.cgi?id=444443 https://exchange.xforce.ibmcloud.com/vulnerabilities/42521 https://access.redhat.com/security/cve/CVE-2008-2009 •