
CVSS: 7.5 | EPSS: 18% | CPEs: 3 | EXPL: 0

FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a dfont file. When processing a malformed dfont file, a specified value is parsed from the file and passed to the memmove API call, which can cause memory corruption.

References:
• http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html
• http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html
• http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
• http://support.apple.com/HT204244
• http://support.apple.com/HT204245
• http://support.apple.com/HT204246
• http://www.securitytracker.com/id/1031650

• CWE-19: Data Processing Errors

CVSS: 7.5 | EPSS: 2% | CPEs: 32 | EXPL: 3

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

References:
• http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
• http://secunia.com/advisories/62725
• http://sourceforge.net/p/png-mng/mailman/message/33173461
• http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt
• http://www.openwall.com/lists/oss-security/2015/01/10/1
• http://www.openwall.com/lists/oss-security/2015/01/10/3
• http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
• https://security.netapp.com/advisory/ntap-20240719-0005
• https:/

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.8 | EPSS: 0% | CPEs: 11 | EXPL: 0

The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

References:
• http://curl.haxx.se/docs/adv_20150108A.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
• http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
• http://secunia.com/advisories/61925
• https://security.gentoo.org/glsa/201701-47
• https://support.apple.com/kb/HT205031

CVSS: 10.0 | EPSS: 2% | CPEs: 31 | EXPL: 0

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

References:
• http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
• http://secunia.com/advisories/62725
• http://sourceforge.net/p/png-mng/mailman/message/33172831
• http://sourceforge.net/p/png-mng/mailman/message/33173461
• http://www.openwall.com/lists/oss-security/2015/01/04/3
• http://www.openwall.com/lists/oss-security/2015/01/10/1
• http://www.openwall.com/lists/oss-security/2015/01/10/3
• http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
• h

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 | EPSS: 5% | CPEs: 3 | EXPL: 0

Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

A double free flaw was found in the zend_ts_hash_graceful_destroy() function in the PHP ZTS module. This flaw could possibly cause a PHP application to crash.

References:
• http://advisories.mageia.org/MGASA-2015-0040.html
• http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=24125f0f26f3787c006e4a51611ba33ee3b841cb
• http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2bcf69d073190e4f032d883f3416dea1b027a39e
• http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=fbf3a6bc1abcc8a5b5226b0ad9464c37f11ddbd6
• http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
• http://openwall.com/lists/oss-security/2014/12/29/6
• http://rhn.redhat.com/errata/RHSA-2015-1218.html
• http:&#

• CWE-416: Use After Free