6

Debian: 2074-1: ncompress: integer underflow

view story

http://www.linuxsecurity.com LinuxSecurity.com: Aki Helin discovered an integer underflow in ncompress, the original Lempel-Ziv compress/uncompress programs. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive. [More...] (Security)
Debian: 2074-1: ncompress: integer underflow

robot1's picture
Submitted by robot1 6 weeks 5 days ago – Made popular 6 weeks 5 days ago

Similar stories

Pardus: 2010-86: ncompress: Integer Underflow 10 weeks 4 days ago

LinuxSecurity.com: An integer underflow vulnerability has been fixed which can be used by malicious people to cause denial of service.

USN-889-1: gzip vulnerabilities 32 weeks 5 days ago

Referenced CVEs: 

CVE-2009-2624, CVE-2010-0001

Description: 

===========================================================
Ubuntu Security Notice USN-889-1 January 20, 2010
gzip vulnerabilities
CVE-2009-2624, CVE-2010-0001
===================================================

Pardus: 2010-81: Tiff: Integer Overflow 11 weeks 6 days ago

LinuxSecurity.com: Multiple integer overflows have been fixed in tiff which can be used by malicious people to execute arbitrary code.

Utilities to compress and uncompress files in Linux 18 weeks 6 days ago

In this article, it is intended to discuss the following utilities that are used to compress and uncompress files in Linux:

  • tar
  • gzip & gunzip
  • bzip2 & bunzip2

tar

Ubuntu: 943-1: Thunderbird vulnerabilities 8 weeks 6 days ago

LinuxSecurity.com: Martin Barbella discovered an integer overflow in an XSLT node sortingroutine. An attacker could exploit this to overflow a buffer and cause adenial of service or possibly execute arbitrary code with the privileges ofthe user invoking the program. (CVE-2010-1199) [More...]

Debian: 2055-1: openoffice.org: macro execution 13 weeks 10 hours ago

LinuxSecurity.com: It was discovered that OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft(R) Office, is not properly handling python macros embedded in an office document. This allows an attacker to perform user-assisted execution of arbitrary code in [More...]

Debian: 2036-1: jasper: programming error 20 weeks 2 days ago

LinuxSecurity.com: It was discovered that the JasPer JPEG-2000 runtime library allowed an attacker to create a crafted input file that could lead to denial of service and heap corruption. [More...]

USN-794-1: Perl vulnerability 1 year 9 weeks ago

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the Compress::Raw::Zlib Perl module incorrectly
handled certain zlib compressed streams. If a user or automated system were
tricked into processing a specially crafted compressed stream or file, a
remote attacker could crash the application, leading to a denial of

Mandriva: 2010:112: glibc 12 weeks 6 days ago

LinuxSecurity.com: Multiple vulnerabilities was discovered and fixed in glibc:
Multiple integer overflows in the strfmon implementation in
the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow
context-dependent attackers to cause a denial of service (memory
[More...]