CVE-2016-5384
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
Source: CVE-2016-5384
[월:] 2016년 08월
CVE-2016-6214 (debian_linux, libgd)
CVE-2016-6214 (debian_linux, libgd)
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2016-6207 (debian_linux, libgd)
CVE-2016-6207 (debian_linux, libgd)
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
CVE-2016-6161 (debian_linux, libgd)
CVE-2016-6161 (debian_linux, libgd)
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
CVE-2016-6132 (debian_linux, libgd)
CVE-2016-6132 (debian_linux, libgd)
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2016-6597 (mobile_control_eas_proxy)
CVE-2016-6597 (mobile_control_eas_proxy)
Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability.
CVE-2016-6597
CVE-2016-6597
Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability.
Source: CVE-2016-6597
CVE-2016-5421 (debian_linux, libcurl)
CVE-2016-5421 (debian_linux, libcurl)
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.
CVE-2016-5421
CVE-2016-5421
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.
Source: CVE-2016-5421
CVE-2016-5420 (debian_linux, libcurl)
CVE-2016-5420 (debian_linux, libcurl)
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.