Gentoo Linux Security Advisory 201701-14 - An integer overflow in LZO might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 2.08 are affected.
2f26e01e89f98c1633ae88f5d0b47701c018e02edab2d5367badb349371f00b4
Mandriva Linux Security Advisory 2015-163 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker. The grub2 package is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.
6ae284d0de868ab7f87fb05d92e7bbec5da0551f41a32b761bd68e4d8f04ff31
Gentoo Linux Security Advisory 201503-13 - Multiple vulnerabilities have been found in BusyBox, allowing context dependent attackers to load arbitrary kernel modules, execute arbitrary files, or cause a Denial of Service condition. Versions less than 1.23.1 are affected.
d53909ca9603f24a82643ad31fa0ef347f8a0d12dbb4dca631b68ebd5d7a6bff
Mandriva Linux Security Advisory 2015-150 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker.
7786a6d242b8ae14eeda3858a16f35b3268a4339417b51473b5e0f9fbc15c281
Mandriva Linux Security Advisory 2015-146 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker. The libvncserver library is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code. A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote code execution on the VNC client. A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter. A malicious VNC client can trigger multiple stack-based buffer overflows by passing long file and directory names and/or attributes when using the file transfer message feature.
64a585715b6153f060300bd58af5f5fe21c455247b7446666263b01087c63c74
Mandriva Linux Security Advisory 2014-181 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker. The dump package is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.
0f75b6891aae24693a8f4e99262c27b89e7e8729e07fcfea36107cd8471f1867
Mandriva Linux Security Advisory 2014-173 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker. BusyBox bundles part of the liblzo code, containing the lzo1x_decompress_safe function, which is affected by this issue.
fcc34020e34e26f76b502247b86cf085a924a4ece4f9f27fb43b914bf781dc0b
Mandriva Linux Security Advisory 2014-168 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker. The libvncserver library is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code. The x11vnc package is now built against the system libvncserver library to avoid security issues in the bundled copy. The icecream package is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.
250c81914e24825853b855493501760094ef441b094b49344065f2078e67daa7
Debian Linux Security Advisory 2995-1 - Don A. Bailey from Lab Mouse Security discovered an integer overflow flaw in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, potentially, execute arbitrary code.
1ead9c8af49a2ce3949b974fafca20251b706d338d7b8b29bd6fb57789bc1b1d
Ubuntu Security Notice 2300-1 - Don A. Bailey discovered that LZO incorrectly handled certain input data. An attacker could use this issue to cause LZO to crash, resulting in a denial of service, or possibly execute arbitrary code.
052eb44f42d6cd5dd14d059c17c5bf9a8bc99472168ac85239a8e82354f16e46
Mandriva Linux Security Advisory 2014-134 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker.
09f3697bd7c1262d63ac7bceb9874b1046533a6d16eef40e1a9088a4a91adca4
Red Hat Security Advisory 2014-0861-02 - LZO is a portable lossless data compression library written in ANSI C. An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, potentially, execute arbitrary code.
2b79806c5506601a649fcadead2d724e2e194a128b8d64da2b4a6ad1636a84ba