» 2017 » 8월

CVE-2017-13765 (wireshark)

Posted on 2017년 8월 30일2017년 9월 1일 by admin

CVE-2017-13765 (wireshark)

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.

Source: CVE-2017-13765 (wireshark)

CVE-2017-13764 (wireshark)

Posted on 2017년 8월 30일2017년 9월 1일 by admin

CVE-2017-13764 (wireshark)

In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation.

Source: CVE-2017-13764 (wireshark)

CVE-2017-13767 (wireshark)

Posted on 2017년 8월 30일2017년 9월 1일 by admin

CVE-2017-13767 (wireshark)

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.

Source: CVE-2017-13767 (wireshark)

CVE-2017-13768 (imagemagick)

Posted on 2017년 8월 30일2017년 9월 1일 by admin

CVE-2017-13768 (imagemagick)

Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.

Source: CVE-2017-13768 (imagemagick)

CVE-2016-10504 (openjpeg)

Posted on 2017년 8월 30일2017년 9월 1일 by admin

CVE-2016-10504 (openjpeg)

Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.

Source: CVE-2016-10504 (openjpeg)

CVE-2016-10506 (openjpeg)

Posted on 2017년 8월 30일2017년 9월 1일 by admin

CVE-2016-10506 (openjpeg)

Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

Source: CVE-2016-10506 (openjpeg)

CVE-2017-13769 (imagemagick)

Posted on 2017년 8월 30일2017년 9월 1일 by admin

CVE-2017-13769 (imagemagick)

The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.

Source: CVE-2017-13769 (imagemagick)

CVE-2016-10507 (openjpeg)

Posted on 2017년 8월 30일2017년 9월 1일 by admin

CVE-2016-10507 (openjpeg)

Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.

Source: CVE-2016-10507 (openjpeg)

CVE-2016-10505 (openjpeg)

Posted on 2017년 8월 30일2017년 9월 1일 by admin

CVE-2016-10505 (openjpeg)

NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

Source: CVE-2016-10505 (openjpeg)

CVE-2017-13775 (graphicsmagick)

Posted on 2017년 8월 30일2017년 9월 1일 by admin

CVE-2017-13775 (graphicsmagick)

GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests.

Source: CVE-2017-13775 (graphicsmagick)