The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
Monthly Archives: March 2017
CVE-2016-10163
Memory leak in the vrend_renderer_context_create_internal function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) by repeatedly creating a decode context.
CVE-2016-10168
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
CVE-2016-10155
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVE-2016-10166
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.
CVE-2017-6430
The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter.
CVE-2017-6443
Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1.
CVE-2017-6429
Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet.
How One Photo Could Have Hacked Your WhatsApp and Telegram Accounts
Next time when someone sends you a photo of a cute cat or a hot chick on WhatsApp or Telegram then be careful before you click on the image to view — it might hack your account within seconds.
A new security vulnerability has recently been patched by two popular end-to-end encrypted messaging services — WhatsApp and Telegram — that could have allowed hackers to completely take over user
qemu-2.7.1-4.fc25
* CVE-2016-7907: net: imx: infinite loop (bz #1381182)
* CVE-2017-5525: audio: memory leakage in ac97 (bz #1414110)
* CVE-2017-5526: audio: memory leakage in es1370 (bz #1414210)
* CVE-2016-10155 watchdog: memory leakage in i6300esb (bz #1415200)
* CVE-2017-5552: virtio-gpu-3d: memory leakage (bz #1415283)
* CVE-2017-5578: virtio-gpu: memory leakage (bz #1415797)
* CVE-2017-5667: sd: sdhci OOB access during multi block transfer (bz #1417560)
* CVE-2017-5856: scsi: megasas: memory leakage (bz #1418344)
* CVE-2017-5857: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref (bz #1418383)
* CVE-2017-5898: usb: integer overflow in emulated_apdu_from_guest (bz #1419700)
* CVE-2017-5987: sd: infinite loop issue in multi block transfers (bz #1422001)
* CVE-2017-6058: vmxnet3: OOB access when doing vlan stripping (bz #1423359)
* CVE-2017-6505: usb: an infinite loop issue in ohci_service_ed_list (bz #1429434)
* CVE-2017-2615: cirrus: oob access while doing bitblt copy backward (bz #1418206)
* CVE-2017-2620: cirrus: potential arbitrary code execution (bz #1425419)
* Fix spice GL with new mesa/libglvnd (bz #1431905)