Debian LTS Essential and Critical Security Patch Updates - Page 131
Find the information you need for your favorite open source distribution.
Leon Zhao discovered several security vulnerabilities in libextractor, a universal library and command-line tool to obtain meta-data about files. NULL pointer dereferences, heap-based buffer overflows, integer signedness errors and out-of-bounds reads may lead to a denial-of-service
Various security vulnerabilities were discovered in sox, a command line utility to convert audio formats, that may lead to a denial-of-service (application crash / infinite loop) or memory corruption when processing a malformed input file.
optipng, an advanced PNG (Portable Network Graphics) optimizer, has been found vulnerable to a buffer overflow which allows remote attackers to cause a denial of service or other unspecified impact with a maliciously crafted GIF format file, related to an
CVE-2017-8817 Fuzzing by the OSS-Fuzz project led to the discovery of a read out of
CVE-2017-16931 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the
A file disclosure vulnerability was discovered in roundcube, a skinnable AJAX based webmail solution for IMAP servers.
An XSS issue in the Werkzeug debugger allows remote attackers to inject arbitrary content via a field that contains an exception message.
A minor security vulnerability has been discovered in Python 2.7, an interactive high-level object-oriented language.
A minor security vulnerability has been discovered in Python 2.7, an interactive high-level object-oriented language.
Pranjal Jumde (@pjumde) reported a heap overflow in the memory debug code of libxml2. For Debian 7 "Wheezy", these problems have been fixed in version
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in impersonation of Kerberos services, denial of service, unauthorized access, sandbox bypass or HTTP header injection.
Several vulnerabilities have been discovered in the X.Org X server. An attacker who's able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code.
It was discovered that sam2p, a utility to convert raster images and other image formats, was affected by an integer overflow vulnerability with resultant heap-based buffer overflow in input-bmp.ci because width and height multiplications occur unsafely. This may lead to an
An integer overflow vulnerability was found in optipng, an advanced PNG optimizer that also recognizes other external file formats. This may lead to arbitrary code execution when a maliciously crafted TIFF file is processed.
Volker Lendecke of SerNet and the Samba team discovered that Samba, an SMB/CIFS file, print, and login server for Unix, is prone to a heap memory information leak, where server-allocated heap memory may be returned to the client without being cleared.
A security vulnerability has been discovered in ldns, a library and collection of utilities for DNS programming.
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2017-15588
Tobias Schneider discovered that Spring-LDAP would allow authentication with an arbitrary password when the username is correct, no additional attributes are bound and when using LDAP BindAuthenticator with DefaultTlsDirContextAuthenticationStrategy as the authentication
Rod Widdowson of Steading System Software LLP discovered a coding error in the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.
Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.