Infamous41Md

Name of the Vulnerable Software and Affected Versions: Dia versions 0.87 through 0.95-pre5 Description: The issue involves multiple buffer overflows in the xfig import code, potentially allowing attackers to have an unknown impact via a crafted xfig file. This could involve an invalid `color index`, `number of points`, or `depth`. The vulnerability may lead to a disruption in confidentiality, integrity, and availability of protected information and can be exploited remotely. Recommendations: For Dia versions 0.87 through 0.95-pre5, update to version 0.95-pre6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the xfig import feature until a patch is available. Avoid using crafted xfig files that may exploit the buffer overflows in the xfig import code.

**Name of the Vulnerable Software and Affected Versions** kdegraphics versions prior to 3.4.3-r3 pdftohtml (affected versions not specified) **Description** The issue involves multiple vulnerabilities in the kdegraphics and pdftohtml packages, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, used in various products including gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code. **Recommendations** For kdegraphics versions prior to 3.4.3-r3, update to version 3.4.3-r3 or later. For pdftohtml, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** kdegraphics versions prior to 3.4.3-r3 pdftohtml (affected versions not specified) xpdf versions prior to 3.01 **Description** The issue involves multiple vulnerabilities in the kdegraphics package and the pdftohtml package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Additionally, there are heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code of xpdf, which can cause a denial of service and possibly allow the execution of arbitrary code via a crafted PDF file. **Recommendations** For kdegraphics versions prior to 3.4.3-r3, update to version 3.4.3-r3 or later. For pdftohtml, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For xpdf versions prior to 3.01, update to version 3.01 or later. As a temporary workaround, consider avoiding the use of the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions until a patch is available. Restrict the processing of crafted PDF files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** kdegraphics versions prior to 3.4.3-r3 Xpdf version 3.01 pdftohtml (affected versions not specified) **Description** The issue involves multiple vulnerabilities in the kdegraphics package and pdftohtml, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A heap-based buffer overflow in the StreamPredictor function in Xpdf, also used in products like Poppler, teTeX, KDE kpdf, pdftohtml, KOffice KWord, CUPS, and libextractor, allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps field. **Recommendations** For kdegraphics versions prior to 3.4.3-r3, update to version 3.4.3-r3 or later. For Xpdf version 3.01, consider disabling the StreamPredictor function until a patch is available. For pdftohtml, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** kdegraphics versions prior to 3.4.3-r3 pdftohtml (affected versions not specified) xpdf version 3.01 and earlier **Description** The issue involves multiple vulnerabilities in the kdegraphics package and the pdftohtml package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Additionally, a heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code for xpdf can cause a denial of service and possibly allow the execution of arbitrary code via a crafted PDF file. **Recommendations** For kdegraphics versions prior to 3.4.3-r3, update to version 3.4.3-r3 or later. For pdftohtml, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For xpdf version 3.01 and earlier, consider disabling the use of the JPXStream::readCodestream function until a patch is available. Restrict the processing of PDF files with large size values to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** UW-IMAP versions prior to 2004g **Description** The issue is related to a buffer overflow in the `mail valid net parse work` function in `mail.c`. This occurs when a mailbox name contains a single double-quote character without a closing quote, causing bytes after the double-quote to be copied into a buffer indefinitely. This can allow remote attackers to execute arbitrary code. **Recommendations** For versions prior to 2004g, update to version 2004g or later to resolve the issue. As a temporary workaround, consider restricting the use of special characters in mailbox names to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Symantec AntiVirus Scan Engine versions 4.0 through 4.3 **Description** The issue is related to an integer signedness error in the administrative interface, which can be exploited by remote attackers to execute arbitrary code. This is achieved by sending crafted HTTP headers with negative values, leading to a heap-based buffer overflow. **Recommendations** For Symantec AntiVirus Scan Engine versions 4.0 through 4.3, consider restricting access to the administrative interface until a fix is available. As a temporary workaround, avoid using the administrative interface for remote connections to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: xpdf (affected versions not specified) kpdf (affected versions not specified) Description: The issue arises from improper validation of the "loca" table in PDF files, allowing local users to cause a denial of service. This can be achieved by creating a PDF file with a "broken" loca table, which in turn causes xpdf to create a large temporary file when attempting to reconstruct the information, resulting in disk consumption and hang. Recommendations: For xpdf, consider implementing proper validation of the "loca" table in PDF files to prevent the creation of large temporary files. For kpdf, apply similar validation measures to the "loca" table to mitigate the risk of denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Mailutils versions prior to 0.6.90 **Description** The issue concerns a format string vulnerability in the imap4d server. This vulnerability allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands. **Recommendations** For GNU Mailutils versions prior to 0.6.90, update to version 0.6.90 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GNU Mailutils versions 0.5 through 0.6.89 **Description** A buffer overflow issue exists in the header get field name function, allowing remote attackers to execute arbitrary code via a crafted e-mail. **Recommendations** For GNU Mailutils versions 0.5 through 0.6.89, update to version 0.6.90 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GNU Mailutils versions 0.5 through 0.6.90 **Description** The issue allows authenticated remote users to cause a denial of service, specifically CPU consumption, by providing a large range value in the `FETCH` command. **Recommendations** For GNU Mailutils versions 0.5 through 0.6.90, update to version 0.6.90 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GNU Mailutils versions 0.5 through 0.6.89 **Description** The issue is related to an integer overflow in the fetch io function of the imap4d server, which can be exploited by remote attackers to execute arbitrary code. This is achieved through a partial message request with a large value in the `END` parameter, resulting in a heap-based buffer overflow. **Recommendations** For GNU Mailutils versions 0.5 through 0.6.89, update to version 0.6.90 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** cURL versions 7.12.1 and possibly other versions **Description** The issue arises from multiple stack-based buffer overflows in libcURL and cURL, allowing remote malicious web servers to execute arbitrary code. This occurs when base64 encoded replies exceed the intended buffer lengths during decoding, which is not properly handled. Specifically, the problem is seen in two areas: (1) the `Curl input ntlm` function during NTLM authentication and (2) the `Curl krb kauth` and `krb4 auth` functions during Kerberos authentication. The vulnerability can be exploited by a malicious HTTP server during NTLM negotiation and by an FTP server during krb4 negotiation. **Recommendations** For cURL version 7.12.1 and possibly other affected versions, consider disabling the `Curl input ntlm` function and the `Curl krb kauth` and `krb4 auth` functions until a patch is available to prevent exploitation during NTLM and Kerberos authentication. Restrict access to the affected authentication modules to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Squid versions 2.5.STABLE7 and earlier **Description** The issue is related to a buffer overflow in the `gopherToHTML` function within the Gopher reply parser. This allows remote malicious Gopher servers to cause a denial of service by crashing the system through crafted responses. **Recommendations** For Squid versions 2.5.STABLE7 and earlier, consider updating to a version that fixes this issue as a permanent solution. As a temporary workaround, restrict access to Gopher servers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Squid versions 2.5.STABLE7 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending malformed WCCP messages. These messages have source addresses spoofed to reference Squid's home router and contain invalid WCCP I SEE YOU cache numbers. **Recommendations** For Squid versions 2.5.STABLE7 and earlier, consider updating to a version later than 2.5.STABLE7 to resolve the issue. As a temporary workaround, restrict access to the WCCP message parsing code to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libtiff versions 3.5.5 through 3.7.0 **Description** The issue allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF ASCII or TIFF UNDEFINED directory entry with a -1 entry count, leading to a heap-based buffer overflow. This can result in disruption of confidentiality, integrity, and availability of protected information. The exploitation of these issues can be done remotely. **Recommendations** For libtiff versions 3.5.5 through 3.7.0, update to a version that contains a fix for this issue to prevent remote code execution and protect against potential disruptions to confidentiality, integrity, and availability of protected information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libtiff version 3.6.1 Description: The issue is related to an integer overflow in the TIFFFetchStripThing function, which can be exploited by remote attackers using a specially crafted TIFF file. This file would have the STRIPOFFSETS flag set and contain a large number of strips, leading to the allocation of a zero-byte buffer and resulting in a heap-based buffer overflow. This could potentially allow the execution of arbitrary code. Recommendations: For libtiff version 3.6.1, consider updating to a newer version that addresses this issue, as using a version with this flaw could lead to arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read prf file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.

**Name of the Vulnerable Software and Affected Versions** WvTftp version 0.9 **Description** A heap-based buffer overflow issue exists in the WvTFTPServer::new connection function, located in wvtftpserver.cc, which allows remote attackers to execute arbitrary code via a long option string in a TFTP packet. **Recommendations** For WvTftp version 0.9, consider restricting access to the WvTFTPServer::new connection function until a patch is available. As a temporary workaround, avoid using long option strings in TFTP packets to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** XV (affected versions not specified) **Description** The issue is related to multiple integer overflows in XV, specifically in the xviris.c, xvpcx.c, and xvpm.c files. This allows remote attackers to execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.