CVSS: 6.8EPSS: 27%CPEs: 69EXPL: 0CVE-2008-0553 – tk: GIF handling buffer overflow
https://notcve.org/view.php?id=CVE-2008-0553
Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484. Un desbordamiento de búfer en la región stack de la memoria en la función ReadImage en el archivo tkImgGIF.c en Tk (Tcl/Tk) versiones anteriores a 8.5.1, permite a los atacantes remotos ejecutar código arbitrario por medio de una imagen GIF diseñada, un problema similar a CVE-2006-4484. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html http://secunia.com/advisories/28784 http://secunia.com/advisories/28807 http://secunia.com/advisories/28848 http://secunia.com/advisories/28857 http://secunia.com/advisories/28867 http://secunia.com/advisories/28954 http://secunia.com/advisories/29069 http://secunia.com/advisories/29070 http://secunia.com/advisories/29622 http://secunia.com/advisories/30129 http://secunia.com/advisories/30188 http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 57EXPL: 1CVE-2007-6067 – postgresql: tempory DoS caused by slow regex NFA cleanup
https://notcve.org/view.php?id=CVE-2007-6067
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states. Vulnerabilidad de complejidad algorítmica en el analizador de la expresión regular en TCL en versiones anteriores a 8.4.17, tal como se utiliza en PostgreSQL 8.2 en versiones anteriores a 8.2.6, 8.1 en versiones anteriores a 8.1.11, 8.0 en versiones anteriores a 8.0.15 y 7.4 en versiones anteriores a 7.4.19, permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de memoria) a través de una expresión regular "compleja" manipulada con estados doblemente anidados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html http://rhn.redhat.com/errata/RHSA-2013-0122.html http://secunia.com/advisories/28359 http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28454 http://secunia.com/advisories/28455 http: • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 1%CPEs: 57EXPL: 0CVE-2007-4769 – postgresql integer overflow in regex code
https://notcve.org/view.php?id=CVE-2007-4769
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number. El analizador de expresiones regulares en TCL versiones anteriores a 8.4.17, como es usado en PostgreSQL versiones 8.2 anteriores a 8.2.6,versiones 8.1 anteriores a 8.1.11, versiones 8.0 anteriores a 8.0.15 y versiones 7.4 anteriores a 7.4.19, permite a usuarios autenticados remotos causar una denegación de servicio (bloqueo del backend) por medio de un número backref fuera de límites. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html http://secunia.com/advisories/28359 http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28454 http://secunia.com/advisories/28455 http://secunia.com/advisories/28464 http://secunia.com/advisories/28477 http://secunia.com/advisories/28479 http:/&#x • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 3%CPEs: 2EXPL: 0CVE-2007-5378 – Tk GIF processing buffer overflow
https://notcve.org/view.php?id=CVE-2007-5378
Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137. Desbordamiento de búfer en la función FileReadGIF de tkImgGIF.c para Tk Toolkit 8.4.12 y anteriores, y 8.3.5 y anteriores, permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (violación de segmento) mediante un GIF animado en el cual la primera sub-imagen es más pequeña que una sub-imagen subsiguiente, lo cual dispara el desbordamiento en la función REadImage, una vulnerabilidad diferente de CVE-2007-5137. • http://secunia.com/advisories/27207 http://secunia.com/advisories/27295 http://secunia.com/advisories/27801 http://secunia.com/advisories/27806 http://secunia.com/advisories/29070 http://secunia.com/advisories/30129 http://secunia.com/advisories/30535 http://secunia.com/advisories/34297 http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1 http://www.attrition.org/pipermail/vim/2007-October/001826.html http://www.debian.org/security/2007/dsa-1415 http://w • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 33%CPEs: 3EXPL: 0CVE-2007-5137 – Tk GIF processing buffer overflow
https://notcve.org/view.php?id=CVE-2007-5137
Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378. Un desbordamiento de búfer en la función ReadImage en el archivo generic/tkImgGIF.c en Tcl (Tcl/Tk) versiones 8.4.13 hasta 8.4.15, permite a atacantes remotos ejecutar código arbitrario por medio de archivos GIF entrelazados de múlti-trama en los que las tramas posteriores son más pequeñas que la primera. NOTA: este problema es debido a un parche incorrecto para CVE-2007-5378. • http://bugs.gentoo.org/show_bug.cgi?id=192539 http://secunia.com/advisories/26942 http://secunia.com/advisories/27086 http://secunia.com/advisories/27182 http://secunia.com/advisories/27207 http://secunia.com/advisories/27229 http://secunia.com/advisories/27295 http://secunia.com/advisories/29069 http://secunia.com/advisories/34297 http://security.gentoo.org/glsa/glsa-200710-07.xml http://sourceforge.net/project/shownotes.php?release_id=541207 http://www.attrition.org/p • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •