Mandrake Linux

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

Published: 2008-01-12T02:00:00.000Z
Updated: 2024-08-07T16:02:36.031Z

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

Published: 2007-11-07T20:00:00.000Z
Updated: 2024-08-07T15:17:28.328Z

Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.

Published: 2007-09-18T19:00:00.000Z
Updated: 2024-08-07T15:17:27.081Z

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.

Published: 2007-09-18T19:00:00.000Z
Updated: 2024-08-07T14:46:38.696Z

Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.

Published: 2007-06-21T20:00:00.000Z
Updated: 2024-08-07T13:49:57.659Z

The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference.

Published: 2007-03-20T22:00:00.000Z
Updated: 2024-08-07T12:59:08.589Z

Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c.

Published: 2007-03-20T22:00:00.000Z
Updated: 2024-08-07T12:59:08.577Z

The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID.

Published: 2007-03-20T22:00:00.000Z
Updated: 2024-08-07T12:59:08.576Z

Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value.

Published: 2007-03-20T22:00:00.000Z
Updated: 2024-08-07T12:59:08.975Z

Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection.

Published: 2007-03-20T22:00:00.000Z
Updated: 2024-08-07T12:59:08.497Z

Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

Published: 2007-04-06T01:00:00.000Z
Updated: 2024-08-07T12:50:35.267Z

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

Published: 2007-04-06T01:00:00.000Z
Updated: 2024-08-07T12:50:35.134Z