Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit
for image loading and pixel buffer manipulation. A remote attacker can
take advantage of these flaws to cause a denial-of-service against an
application using gdk-pixbuf (application crash), or potentially, to
execute arbitrary code with the privileges of the user running the
application, if a malformed image is opened.
Category Archives: Debian
Debian Security Advisories
DSA-3588 symfony – security update
Two vulnerabilities were discovered in Symfony, a PHP framework.
DSA-3587 libgd2 – security update
Several vulnerabilities were discovered in libgd2, a library for
programmatic graphics creation and manipulation. A remote attacker can
take advantage of these flaws to cause a denial-of-service against an
application using the libgd2 library.
DSA-3586 atheme-services – security update
It was discovered that a buffer overflow in the XMLRPC response encoding
code of the Atheme IRC services may result in denial of service.
DSA-3585 wireshark – security update
Multiple vulnerabilities were discovered in the dissectors/parsers for
PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.
DSA-3584 librsvg – security update
Gustavo Grieco discovered several flaws in the way librsvg, a SAX-based
renderer library for SVG files, parses SVG files with circular
definitions. A remote attacker can take advantage of these flaws to
cause an application using the librsvg library to crash.
DSA-3582 expat – security update
Gustavo Grieco discovered that Expat, an XML parsing C library, does not
properly handle certain kinds of malformed input documents, resulting in
buffer overflows during processing and error reporting. A remote
attacker can take advantage of this flaw to cause an application using
the Expat library to crash, or potentially, to execute arbitrary code
with the privileges of the user running the application.
DSA-3583 swift-plugin-s3 – security update
It was discovered that the swift3 (S3 compatibility) middleware plugin
for Swift performed insufficient validation of date headers, which might
result in replay attacks.
DSA-3581 libndp – security update
Julien Bernard discovered that libndp, a library for the IPv6 Neighbor
Discovery Protocol, does not properly perform input and origin checks
during the reception of an NDP message. An attacker in a non-local
network could use this flaw to advertise a node as a router, and cause a
denial of service attack, or act as a man-in-the-middle.
DSA-3579 xerces-c – security update
Gustavo Grieco discovered a use-after-free vulnerability in xerces-c, a
validating XML parser library for C++, due to not properly handling
invalid characters in XML input documents in the DTDScanner.