Log

CVE-2016-9437 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An out-of-bounds write access has been discovered when using invalid button element type properties like '<button type=radio>'.
References
+ https://github.com/tats/w3m/issues/17
Notes
CVE-2016-9438 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A null pointer dereference problem has been discovered while processing the input_alt tag leading to an application crash.
References
+ https://github.com/tats/w3m/issues/18
Notes
CVE-2016-9439 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An infinite recursion problem has been discovered when processing nested table and textarea elements leading to an application crash.
References
+ https://github.com/tats/w3m/issues/20
Notes
CVE-2016-9440 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A null pointer dereference problem has been discovered in the formUpdateBuffer() function leading to a segmentation fault resulting in an application crash.
References
+ https://github.com/tats/w3m/issues/22
Notes
CVE-2016-9441 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A null pointer dereference problem has been discovered in the do_refill() function triggered by a malformed table_alt tag leading to a segmentation fault resulting in an application crash.
References
+ https://github.com/tats/w3m/issues/24
Notes
CVE-2016-9442 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A potential heap buffer corruption vulnerability has been discovered due to Strgrow. Note that w3m's allocator (boehmgc) reserves more space than the required size due to bucketing, so the heap shouldn't be corrupted in practice.
References
+ http://www.openwall.com/lists/oss-security/2016/11/18/3
+ https://github.com/tats/w3m/commit/d43527cfa0dbb3ccefec4a6f7b32c1434739aa29
Notes
CVE-2016-9444 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
References
+ https://kb.isc.org/article/AA-01441/0
Notes
CVE-2016-9445 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The vmnc decoder in gst-plugins-bad of the gstreamer code base contains a width * height * depth integer overflow in the allocation of the render buffer inside gst/vmnc/vmncdec.c.
References
+ https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
+ https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
+ https://bugzilla.gnome.org/show_bug.cgi?id=774533
Notes
CVE-2016-9446 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Information disclosure
Description
+ An information disclosure vulnerability has been discovered in the render canvas functionality of gst-plugins-bad due to the lack of initialization of the heap area returned by g_malloc(). An example of the information leak would be thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas at all.
+ This could be a problem for anyone using gstreamer in a server environment to provide a thumbnailing service.
References
+ https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
+ https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
+ https://bugzilla.gnome.org/show_bug.cgi?id=774533
Notes
CVE-2016-9447 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A heap out-of-bounds read/write vulnerability has been discovered in the libgstnsf.so Nintendo music files plugin of gst-plugins-bad due to lack of checking the ROM size when mapping into memory. Switching the bank leads to an out-of-bounds read leading to possible arbitrary code execution when combined with the ability to load or bank switch the ROM to a writable memory location.
References
+ http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
Notes