Chris Evans

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.0.5-2 GraphicsMagick versions prior to 1.3.24 **Description** The issue allows an attacker to leak sensitive information from process memory space due to the use of uninitialized memory in the RLE decoder. This can be exploited through remote attacks against code in a long-running server process that converts image data on behalf of multiple users. The problem is caused by a missing initialization step in the `ReadRLEImage` function in `coders/rle.c`. **Recommendations** For ImageMagick versions prior to 7.0.5-2, update to version 7.0.5-2 or later. For GraphicsMagick versions prior to 1.3.24, update to version 1.3.24 or later. As a temporary workaround, consider disabling the `ReadRLEImage` function in `coders/rle.c` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** game-music-emu versions prior to 0.6.1 **Description** The issue allows local users to cause a denial of service, resulting in a process crash due to a divide by zero error. **Recommendations** For versions prior to 0.6.1, update to version 0.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** game-music-emu versions prior to 0.6.1 **Description** A stack-based buffer overflow issue exists. **Recommendations** For versions prior to 0.6.1, update to version 0.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** game-music-emu versions prior to 0.6.1 **Description** The issue allows remote attackers to write to arbitrary memory locations, potentially leading to exploitation. **Recommendations** For versions prior to 0.6.1, update to version 0.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** game-music-emu versions prior to 0.6.1 **Description** The issue is related to the mishandling of unspecified integer values. **Recommendations** For versions prior to 0.6.1, update to version 0.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** game-music-emu versions prior to 0.6.1 **Description** The issue allows remote attackers to generate out of bounds 8-bit values. **Recommendations** For versions prior to 0.6.1, update to version 0.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GStreamer versions prior to 1.10.2 **Description** The issue allows remote attackers to cause a denial of service, resulting in an out-of-bounds write and crash, via a crafted series of skip and count pairs in the FLIC decoder. **Recommendations** For versions prior to 1.10.2, update to version 1.10.2 or later to resolve the issue. As a temporary workaround, consider disabling the FLIC decoder until a patch is available. Restrict access to the FLIC decoder module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GStreamer versions prior to 1.10.2 **Description** The issue is related to a heap-based buffer overflow in the FLIC decoder. This can be exploited by providing a `skip count` that exceeds the initialized buffer, potentially allowing remote attackers to execute arbitrary code or cause the application to crash. **Recommendations** For versions prior to 1.10.2, update to version 1.10.2 or later to resolve the issue. As a temporary workaround, consider restricting the input to the FLIC decoder to prevent the `skip count` from exceeding the initialized buffer.

**Name of the Vulnerable Software and Affected Versions** GStreamer versions prior to 1.10.2 **Description** The issue is related to a heap-based buffer overflow in the FLIC decoder, specifically in the flx decode delta fli function. This can be exploited by remote attackers to execute arbitrary code or cause the application to crash via the `start line` parameter. **Recommendations** For versions prior to 1.10.2, update to version 1.10.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the FLIC decoder until a patch is applied. Avoid using the `start line` parameter in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GStreamer versions prior to 1.10.2 **Description** The issue is related to a heap-based buffer overflow in the FLIC decoder. This can be exploited by providing a `write count` that exceeds the initialized buffer, potentially allowing remote attackers to execute arbitrary code or cause the application to crash. **Recommendations** For versions prior to 1.10.2, update to version 1.10.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the FLIC decoder until a patch is available.

**Name of the Vulnerable Software and Affected Versions** gstreamer (affected versions not specified) **Description** The issue concerns the vmnc decoder in the gstreamer, which fails to initialize the render canvas. This allows remote attackers to obtain sensitive information. An example of exploitation is through thumbnailing a simple 1-frame vmnc movie that does not draw to the allocated render canvas. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gstreamer (affected versions not specified) **Description** The issue is related to an integer overflow in the vmnc decoder, which can be exploited by remote attackers to cause a denial of service (crash) by providing large width and height values, triggering a buffer overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9 **Description** The issue is related to the WebKit component in Apple iOS, which has inadequate access control. This allows remote attackers to bypass the Same Origin Policy by creating a crafted web site. The problem stems from WebKit not properly selecting the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type. **Recommendations** For Apple iOS versions prior to 9, update to a version 9 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially malicious web sites to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player versions prior to 13.0.0.244 Adobe Flash Player versions 14.x and 15.x prior to 15.0.0.152 Adobe Flash Player version prior to 11.2.202.406 on Linux Adobe AIR versions prior to 15.0.0.249 on Windows and OS X Adobe AIR version prior to 15.0.0.252 on Android Adobe AIR SDK version prior to 15.0.0.249 Adobe AIR SDK & Compiler version prior to 15.0.0.249 **Description** The issue is related to a heap-based buffer overflow in the dynamic memory of Adobe Flash Player, Adobe AIR, Adobe AIR SDK, and Adobe AIR SDK & Compiler, allowing attackers to execute arbitrary code via unspecified vectors. This can be exploited by attackers to gain control over the affected system. **Recommendations** For Adobe Flash Player versions prior to 13.0.0.244, update to version 13.0.0.244 or later. For Adobe Flash Player versions 14.x and 15.x prior to 15.0.0.152, update to version 15.0.0.152 or later. For Adobe Flash Player version prior to 11.2.202.406 on Linux, update to version 11.2.202.406 or later. For Adobe AIR versions prior to 15.0.0.249 on Windows and OS X, update to version 15.0.0.249 or later. For Adobe AIR version prior to 15.0.0.252 on Android, update to version 15.0.0.252 or later. For Adobe AIR SDK version prior to 15.0.0.249, update to version 15.0.0.249 or later. For Adobe AIR SDK & Compiler version prior to 15.0.0.249, update to version 15.0.0.249 or later.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.16.1 **Description** The issue is related to a stack consumption problem in the parse rock ridge inode internal function, allowing local users to cause a denial of service through crafted iso9660 images. This can lead to uncontrolled recursion and potentially cause a system crash or reboot. **Recommendations** For Linux kernel versions prior to 3.16.1, update to version 3.16.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of iso9660 images to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.16.1 **Description** The issue allows local users to cause a denial of service, resulting in an unkillable mount process. This can be achieved by using a crafted iso9660 image with a self-referential CL entry, which affects the `parse rock ridge inode internal` function in `fs/isofs/rock.c`. **Recommendations** For versions prior to 3.16.1, update to version 3.16.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 25.0.1364.152 **Description** The issue arises from improper management of the interaction between the browser process and renderer processes during authorization of the loading of a plug-in. This makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in. **Recommendations** For versions prior to 25.0.1364.152, update to version 25.0.1364.152 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libxslt versions 1.1.26 and earlier Google Chrome versions prior to 21.0.1180.89 **Description** The issue is related to improper memory management in libxslt, which could allow remote attackers to cause a denial of service, potentially leading to an application crash. This can be achieved through a crafted XSLT expression that is not properly identified during XPath navigation. The problem is associated with the `xsltCompileLocationPathPattern` function in libxslt/pattern.c and the `xsltGenerateIdFunction` function in libxslt/functions.c. Exploitation of the vulnerabilities may lead to breaches of confidentiality, integrity, and availability of protected information and can be performed remotely. **Recommendations** For libxslt versions 1.1.26 and earlier, consider updating to a version later than 1.1.26 to resolve the issue. For Google Chrome versions prior to 21.0.1180.89, update to version 21.0.1180.89 or later to fix the problem. As a temporary workaround, consider restricting the use of XSLT expressions in libxslt until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libxml2 versions 2.9.0-rc1 and earlier Google Chrome versions prior to 21.0.1180.89 **Description** The issue is related to the handling of XSL transforms and the xmlNs data structure in include/libxml/tree.h. It allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. Multiple vulnerabilities in the libxml2 package can lead to violations of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. **Recommendations** For libxml2 versions 2.9.0-rc1 and earlier, update to version 2.9.1 or later to resolve the issue. For Google Chrome versions prior to 21.0.1180.89, update to version 21.0.1180.89 or later to resolve the issue. As a temporary workaround, consider restricting the use of XSL transforms in libxml2 until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libjpeg-turbo versions 1.2.0 through 1.2.0 **Description** The issue is related to a heap-based buffer overflow in the get sos function in jdmarker.c, which can be triggered by a large component count in the header of a JPEG image. This can cause a denial of service, resulting in an application crash, and potentially allow the execution of arbitrary code. The exploitation of this issue can be done remotely. **Recommendations** For libjpeg-turbo version 1.2.0, update to version 1.2.1 or later to resolve the issue. As a temporary workaround, consider restricting the processing of JPEG images with large component counts in the header until a patch is available.