Sven Tantau

#18377de 53,640
14.7CVSS total
Vulnerabilidades · 3
Baixa
1
Média
1
Alta
1
PT-2005-1092
5.1
2005-10-27
Kchmviewer · Kchmviewer · CVE-2005-3318
**Name of the Vulnerable Software and Affected Versions** chmlib versions prior to 0.37.4 KchmViewer (affected versions not specified) **Description** The issue is related to a buffer overflow in the chm decompress block function in CHM lib (chmlib), which can be exploited to execute arbitrary code. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely. **Recommendations** For chmlib versions prior to 0.37.4, update to version 0.37.4 or later to resolve the issue. For KchmViewer, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2005-3601
7.5
2005-08-29
Mplayer · Mplayer · CVE-2005-2718
**Name of the Vulnerable Software and Affected Versions** MPlayer versions 1.0pre7 and earlier **Description** The issue is related to a buffer overflow in the ad pcm.c file, which can be triggered by remote attackers sending crafted PCM audio data. This can be achieved by using a video file with an audio header that contains a large value in a stream format (strf) chunk, allowing the execution of arbitrary code. **Recommendations** For MPlayer versions 1.0pre7 and earlier, consider updating to a newer version to mitigate the risk of exploitation, as the current version contains a buffer overflow vulnerability in the ad pcm.c file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2005-5574
2.1
1970-01-01
Debian · Fuse · CVE-2005-1858
**Name of the Vulnerable Software and Affected Versions** FUSE versions prior to 2.3.0 **Description** The issue is related to multiple vulnerabilities in the FUSE package of the Debian GNU/Linux operating system, which can lead to a breach of confidentiality of protected information. These vulnerabilities can be exploited by a local attacker. The problem arises because FUSE 2.x does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, potentially allowing local users to obtain sensitive information. **Recommendations** For versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and limiting the privileges of local users to minimize the risk of exploitation.