MandrakeSoft Mandrake Linux 10.1

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

Published: 2006-01-06T22:00:00.000Z
Updated: 2024-08-07T23:17:23.446Z

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

Published: 2006-01-06T22:00:00.000Z
Updated: 2024-08-07T23:17:23.366Z

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

Published: 2006-01-06T22:00:00.000Z
Updated: 2024-08-07T23:17:23.457Z

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

Published: 2005-06-20T04:00:00.000Z
Updated: 2024-08-07T21:44:05.956Z

scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

Published: 2005-03-04T05:00:00.000Z
Updated: 2024-08-07T21:21:06.249Z

uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.

Published: 2005-02-21T05:00:00.000Z
Updated: 2024-08-07T21:13:54.363Z

The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.

Published: 2005-02-19T05:00:00.000Z
Updated: 2024-08-07T21:13:54.250Z

Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.

Published: 2005-02-19T05:00:00.000Z
Updated: 2024-08-07T21:13:54.256Z

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

Published: 2005-02-15T05:00:00.000Z
Updated: 2024-08-07T20:57:40.999Z

Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code.

Published: 2005-01-22T05:00:00.000Z
Updated: 2024-08-07T20:57:40.894Z

The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.

Published: 2005-01-20T05:00:00.000Z
Updated: 2024-08-07T20:57:40.741Z

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Published: 2005-05-04T04:00:00.000Z
Updated: 2024-08-08T00:46:12.284Z

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

Published: 2005-01-20T05:00:00.000Z
Updated: 2024-08-08T00:46:12.034Z

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.

Published: 2004-12-22T05:00:00.000Z
Updated: 2024-08-08T00:46:12.403Z

Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.

Published: 2004-12-22T05:00:00.000Z
Updated: 2024-08-08T00:46:11.375Z

Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).

Published: 2005-02-11T05:00:00.000Z
Updated: 2024-08-08T00:46:11.453Z

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

Published: 2004-12-10T05:00:00.000Z
Updated: 2024-08-08T00:39:00.912Z

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

Published: 2004-12-10T05:00:00.000Z
Updated: 2024-08-08T00:39:00.953Z

MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.

Published: 2004-12-01T05:00:00.000Z
Updated: 2024-08-08T00:39:00.906Z

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: 2004-12-01T05:00:00.000Z
Updated: 2024-08-08T00:39:00.876Z

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

Published: 2004-11-18T05:00:00.000Z
Updated: 2024-08-08T00:39:00.761Z

statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.

Published: 2004-12-08T05:00:00.000Z
Updated: 2024-08-08T00:38:59.824Z

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:38:59.645Z

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

Published: 2004-10-20T04:00:00.000Z
Updated: 2024-08-08T00:38:59.438Z

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

Published: 2004-10-20T04:00:00.000Z
Updated: 2024-08-08T00:39:00.442Z

The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Published: 2004-10-20T04:00:00.000Z
Updated: 2024-08-08T00:38:59.875Z

Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:31:48.243Z

RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:31:48.229Z

Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:31:48.168Z

Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:31:48.124Z

Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:31:47.979Z

McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:31:48.096Z

Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.

Published: 2004-10-20T04:00:00.000Z
Updated: 2024-08-08T00:31:47.532Z

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

Published: 2005-01-29T05:00:00.000Z
Updated: 2024-08-01T17:18:07.480Z