Search CVE reports
1 – 10 of 51398 results
Fixed 32-bit DMG parser size checks that could let a short mish stripe table pass validation and crash 32-bit scanner builds.
1 affected package
clamav
| Package | 16.04 LTS |
|---|---|
| clamav | Needs evaluation |
Fixed ALZ parser size handling bugs that could cause malformed ALZ archives to panic, abort the scanner, or skip expected scan-limit handling.
1 affected package
clamav
| Package | 16.04 LTS |
|---|---|
| clamav | Needs evaluation |
Fixed a bug in the PESpin unpacker cleanup path that could free pointers into the scanned file buffer and crash the scanner.
1 affected package
clamav
| Package | 16.04 LTS |
|---|---|
| clamav | Needs evaluation |
Fixed an InstallShield archive extraction limit bypass that could write far more temporary data than intended and exhaust temporary storage.
1 affected package
clamav
| Package | 16.04 LTS |
|---|---|
| clamav | Needs evaluation |
Fixed a 7z parser substream count overflow that could under-allocate parser metadata arrays and write past them while reading a malformed archive.
1 affected package
clamav
| Package | 16.04 LTS |
|---|---|
| clamav | Needs evaluation |
Fixed an FSG unpacker loop underflow that could write past the section array while scanning a malformed PE file.
1 affected package
clamav
| Package | 16.04 LTS |
|---|---|
| clamav | Needs evaluation |
Fixed an integer overflow in PE rebuild size calculations that could be reached through a malformed Aspack-packed PE file and lead to a heap buffer overflow write.
1 affected package
clamav
| Package | 16.04 LTS |
|---|---|
| clamav | Needs evaluation |
ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion...
1 affected package
imagemagick
| Package | 16.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext...
1 affected package
imagemagick
| Package | 16.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service.
1 affected package
imagemagick
| Package | 16.04 LTS |
|---|---|
| imagemagick | Needs evaluation |