Drew Yao

**Name of the Vulnerable Software and Affected Versions** Ruby versions 1.9.2-p136 and earlier **Description** The issue is related to the VpMemAlloc function in bigdecimal.c in the BigDecimal class, which does not properly allocate memory. This allows context-dependent attackers to execute arbitrary code or cause a denial of service via vectors involving creation of a large BigDecimal value within a 64-bit process. The issue is related to an "integer truncation issue" and only affects 64-bit systems. **Recommendations** For Ruby versions 1.9.2-p136 and earlier, consider updating to a newer version to mitigate the risk, as the issue is resolved in later versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebKit versions before r59950 Google Chrome versions before 5.0.375.70 **Description** The issue is related to an off-by-one error in the toAlphabetic function in WebCore, which can be exploited by remote attackers to obtain sensitive information, cause a denial of service, or possibly execute arbitrary code. This is achieved through vectors related to list markers for HTML lists. **Recommendations** For WebKit versions before r59950, update to version r59950 or later to resolve the issue. For Google Chrome versions before 5.0.375.70, update to version 5.0.375.70 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 5.0.375.70 WebKit versions prior to r59859 **Description** A use-after-free issue in page/Geolocation.cpp in WebCore allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. This is related to the failure to stop timers associated with geolocation upon deletion of a document. **Recommendations** For Google Chrome versions prior to 5.0.375.70, update to version 5.0.375.70 or later to resolve the issue. For WebKit versions prior to r59859, update to version r59859 or later to resolve the issue. As a temporary workaround, consider disabling geolocation features in affected versions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WebKit versions before r56380 **Description** The issue is caused by an off-by-one error in the WebSocketHandshake::readServerHandshake function in WebCore, which can be exploited by remote websockets servers. This can lead to a denial of service due to memory corruption or possibly have other unspecified impacts. The exploitation occurs via an upgrade header that is long and invalid. **Recommendations** For versions before r56380, update to a version after r56380 to resolve the issue. As a temporary workaround, consider restricting access to the WebSocketHandshake::readServerHandshake function until a patch is available. Avoid using invalid or long upgrade headers in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** File versions prior to 5.02 **Description** The issue is related to multiple buffer overflows in the `cdf read sat`, `cdf read long sector chain`, and `cdf read ssat` functions. This can allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For versions prior to 5.02, update to version 5.02 or later to resolve the issue. As a temporary workaround, consider disabling the `cdf read sat`, `cdf read long sector chain`, and `cdf read ssat` functions until a patch is available. Restrict access to the affected functions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** file versions prior to 5.02 **Description** The issue is related to multiple integer overflows in the `cdf read property info` and `cdf read sat` functions. This can allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For versions prior to 5.02, update to version 5.02 or later to resolve the issue. As a temporary workaround, consider restricting access to the `cdf read property info` and `cdf read sat` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libxml2 versions prior to 2.7.2 **Description** The issue is related to an integer overflow in the xmlBufferResize function, which allows context-dependent attackers to cause a denial of service, potentially leading to an infinite loop, via a large XML document. Additionally, there are multiple vulnerabilities in libxml2 that can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely. **Recommendations** For libxml2 versions prior to 2.7.2, update to version 2.7.2 or later to resolve the issue. As a temporary workaround, consider restricting the size of XML documents processed by the xmlBufferResize function to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.0.2 **Description** The issue is related to multiple unspecified vulnerabilities that can cause a denial of service, memory corruption, and application crash, or possibly execute arbitrary code. This is due to vectors related to graphics rendering, including handling of a long alert messagebox, integer overflows when handling animated PNG data in the `info callback` function in nsPNGDecoder.cpp, and an integer overflow when handling SVG data in the `nsSVGFEGaussianBlurElement::SetupPredivide` function in nsSVGFilters.cpp. **Recommendations** For Mozilla Firefox versions prior to 3.0.2, update to version 3.0.2 or later to resolve the issue.

Integer overflow in the (1) rb ary splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb ary replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Multiple integer overflows in the rb ary store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Multiple integer overflows in the rb str buf append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.

**Name of the Vulnerable Software and Affected Versions** Ruby versions 1.8.4 and earlier Ruby version 1.8.5 before 1.8.5-p231 Ruby version 1.8.6 before 1.8.6-p230 Ruby version 1.8.7 before 1.8.7-p22 Ruby version 1.9.0 before 1.9.0-2 **Description** A directory traversal issue exists when using NTFS or FAT filesystems, allowing remote attackers to read arbitrary CGI files via a specially crafted URI. The vulnerability can be triggered by appending certain characters to the URI, including a trailing `+` (plus), `%2b` (encoded plus), `.` (dot), `%2e` (encoded dot), or `%20` (encoded space). This issue may be related to the `WEBrick::HTTPServlet::FileHandler` and `WEBrick::HTTPServer.new` functionality, as well as the `:DocumentRoot` option. **Recommendations** For Ruby version 1.8.4 and earlier, update to a version later than 1.8.4. For Ruby version 1.8.5 before 1.8.5-p231, update to version 1.8.5-p231 or later. For Ruby version 1.8.6 before 1.8.6-p230, update to version 1.8.6-p230 or later. For Ruby version 1.8.7 before 1.8.7-p22, update to version 1.8.7-p22 or later. For Ruby version 1.9.0 before 1.9.0-2, update to version 1.9.0-2 or later.

**Name of the Vulnerable Software and Affected Versions** xine-lib version 1.1.10.1 **Description** The issue is related to an array index error in the `sdpplin parse` function, located in `input/libreal/sdpplin.c`. This error allows remote RTSP servers to execute arbitrary code via a large `streamid` SDP parameter. The vulnerability is also associated with errors in number processing, which can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For xine-lib version 1.1.10.1, consider disabling the `sdpplin parse` function until a patch is available to prevent exploitation. Restrict access to RTSP servers to minimize the risk of remote code execution. Avoid using large `streamid` SDP parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cups versions prior to 1.3.10 cups-libs-x86 (affected versions not specified) kdegraphics-devel-3.5.4 (affected versions not specified) kdegraphics-3.5.4 (affected versions not specified) cups-debugsource (affected versions not specified) cups-libs-32bit (affected versions not specified) cups-client (affected versions not specified) cups-debuginfo (affected versions not specified) cups-devel (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in various packages, including cups and kdegraphics, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, multiple integer overflows in the JBIG2 decoder in Xpdf and CUPS allow remote attackers to cause a denial of service via a crafted PDF file, related to JBIG2Stream::readSymbolDictSeg and other functions. **Recommendations** For cups versions prior to 1.3.10, update to version 1.3.10 or later. For cups-libs-x86, consider disabling the vulnerable package until a patch is available. For kdegraphics-devel-3.5.4, restrict access to the vulnerable package to minimize the risk of exploitation. For kdegraphics-3.5.4, avoid using the vulnerable package in sensitive operations until the issue is resolved. For cups-debugsource, cups-libs-32bit, cups-client, cups-debuginfo, and cups-devel, consider temporarily disabling or restricting the use of these packages until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability for some of the affected packages.

**Name of the Vulnerable Software and Affected Versions** cups versions prior to 1.3.10 cups-libs (affected versions not specified) cups-libs-32bit (affected versions not specified) cups-libs-x86 (affected versions not specified) cups-client (affected versions not specified) cups-debuginfo (affected versions not specified) cups-debugsource (affected versions not specified) cups-devel (affected versions not specified) kdegraphics-3.5.4 (affected versions not specified) kdegraphics-devel-3.5.4 (affected versions not specified) Xpdf version 3.02pl2 and earlier **Description** The issue concerns multiple vulnerabilities in various packages, including cups and kdegraphics, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, allows remote attackers to cause a denial of service via a crafted PDF file. **Recommendations** For cups versions prior to 1.3.10, update to version 1.3.10 or later. For cups-libs, cups-libs-32bit, cups-libs-x86, cups-client, cups-debuginfo, cups-debugsource, and cups-devel, there is no information about a newer version that contains a fix for this vulnerability. For kdegraphics-3.5.4 and kdegraphics-devel-3.5.4, there is no information about a newer version that contains a fix for this vulnerability. For Xpdf version 3.02pl2 and earlier, update to a version later than 3.02pl2. As a temporary workaround, consider disabling the JBIG2 decoder function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions 1.2.2 through 1.6.1 OpenEXR versions prior to 1.7.0 **Description** The issue involves multiple integer overflows that can be exploited by context-dependent attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows. This is related to the `Imf::PreviewImage::PreviewImage` function and compressor constructors. The vulnerability can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information. **Recommendations** For OpenEXR versions 1.2.2 through 1.6.1, update to version 1.7.0 or later to resolve the issue. For OpenEXR versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue. As a temporary workaround, consider disabling the `Imf::PreviewImage::PreviewImage` function and compressor constructors until a patch is available. Restrict access to the affected OpenEXR components to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions 1.2.2 through 1.6.1 OpenEXR versions prior to 1.7.0 **Description** The decompression implementation in the Imf::hufUncompress function allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. Multiple vulnerabilities in the OpenEXR package may lead to a violation of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. **Recommendations** For OpenEXR versions 1.2.2 through 1.6.1, update to version 1.7.0 or later to resolve the issue. For OpenEXR versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable `Imf::hufUncompress` function until a patch is available.