CVE-2013-7020
https://notcve.org/view.php?id=CVE-2013-7020
The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.
• http://ffmpeg.org/security.html
• http://openwall.com/lists/oss-security/2013/11/26/7
• http://openwall.com/lists/oss-security/2013/12/08/3
• http://secunia.com/advisories/61389
• http://www.debian.org/security/2014/dsa-3027
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:227
• https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f
• https://security.gentoo.org/glsa/201603-06
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4134
https://notcve.org/view.php?id=CVE-2013-4134
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.
• http://www.debian.org/security/2013/dsa-2729
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:244
• http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt
• CWE-310: Cryptographic Issues
CVE-2013-2064 – libxcb: Integer overflow leading to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2013-2064
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.
• http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html
• http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html
• http://www.debian.org/security/2013/dsa-2686
• http://www.openwall.com/lists/oss-security/2013/05/23/3
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://www.securityfocus.com/bid/60148
• http://www.ubuntu.com/usn/USN-1855-1
• http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
• https://access.
• CWE-122: Heap-based Buffer Overflow
• CWE-189: Numeric Errors
CVE-2011-1400
https://notcve.org/view.php?id=CVE-2011-1400
The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.
• http://secunia.com/advisories/43816
• http://secunia.com/advisories/43973
• http://svn.debian.org/wsvn/debian-tex/?op=comp&compare%5B%5D=%2Ftex-common%2Ftrunk%404781&compare%5B%5D=%2Ftex-common%2Ftrunk%404812
• http://svn.debian.org/wsvn/debian-tex/tex-common/trunk/?op=log
• http://www.debian.org/security/2011/dsa-2198
• http://www.securityfocus.com/bid/46986
• http://www.ubuntu.com/usn/USN-1103-1
• http://www.vupen.com/english/advisories/2011/0731
• http://www.vupen.com
• CWE-16: Configuration
CVE-2005-0005
https://notcve.org/view.php?id=CVE-2005-0005
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
• http://marc.info/?l=bugtraq&m=110608222117215&w=2
• http://www.debian.org/security/2005/dsa-646
• http://www.gentoo.org/security/en/glsa/glsa-200501-37.xml
• http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities
• http://www.redhat.com/support/errata/RHSA-2005-070.html
• http://www.redhat.com/support/errata/RHSA-2005-071.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9925
• https://access.redhat.com/security/cve/CVE-2