Monthly Archives: March 2017

NVD

CVE-2016-10056

Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or other unspecified impact via a crafted file.

NVD

CVE-2016-10059

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or unspecified other impact via a crafted TIFF file.

NVD

CVE-2016-10048

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.

NVD

CVE-2016-10057

Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or other unspecified impact via a crafted file.

NVD

CVE-2016-10049

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or other unspecified impact via a crafted RLE file.

NVD

CVE-2016-10053

The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.

NVD

CVE-2016-10052

Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or other unspecified impact via a crafted file.

Hackers News

Breaking: Wikileaks reveals CIA's Apple MacOS and iPhone Hacking Techniques

As part of its “Vault 7” series, Wikileaks — the popular whistle-blowing platform — has just released another batch of classified documents focused on exploits and hacking techniques the Central Intelligence Agency (CIA) designed to target Apple MacOS and iOS devices.

Dubbed “Dark Matter,” the leak uncovers macOS vulnerabilities and attack vectors developed by a special division of the CIA

Fedora

ntp-4.2.8p10-1.fc26

Security fix for CVE-2017-6464 CVE-2017-6462 CVE-2017-6463 CVE-2017-6458 CVE-2017-6451 CVE-2017-6460 CVE-2016-9042.

—-

This update improves the default configuration file to use the pool directive. It also replaces the ntpstat program with a shell script that uses the ntpq program instead of implementing the mode 6 protocol.

NVD

CVE-2017-5206

Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the –allow-debuggers argument.