Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file.
Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file.
Stack-based buffer overflow in Mini-stream RM Downloader allows remote attackers to execute arbitrary code via a long string in a .smi file.
Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file.
Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Stack-based buffer overflow in Mini-stream Shadow Stream Recorder 3.0.1.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.
Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. NOTE: the latter was also subsequently reported in "prior to 3.1.3.7."
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file.
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the [playlist] section in a .pls file, a different vector than CVE-2009-1667.
Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel Paint Shop Pro) allows user-assisted remote attackers to execute arbitrary code via a crafted PNG file. NOTE: this might be the same issue as CVE-2007-2366.
The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.
Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values.
Heap-based buffer overflow in the IAManager ActiveX control in IAManager.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the SetIAPlayerName method.
libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
Buffer overflow in the readAt function in BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp in the mediaserver service in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 19400722.
Multiple stack-based buffer overflows in Mp3 Tag Assistant Professional 2.92 build 300 allow remote attackers to execute arbitrary code via an MP3 file with a long string in the (1) ID3v1, (2) ID3v2, or (3) APEv2 metadata field.
The Bluetooth HCI interface implementation in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Plot2D (.wp2) file.
Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX control in MyActiveX.ocx 1.4.8.0 in Haihaisoft Universal Player allows remote attackers to execute arbitrary code via a long URL property value. NOTE: some of these details are obtained from third party information.
Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.
The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.
The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261.
Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794.
Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4.3.1, allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a playlist file (.pls) containing a long string. NOTE: some of these details are obtained from third party information.
IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5783.
Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7shade functions. NOTE: some of these details are obtained from third party information.
Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.
Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arbitrary code via a long string in a .usk file.
Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation 3.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FormMax import (.aim) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file.
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.
Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to cause a denial of service (application crash) or execute arbitrary code via a long 220 reply (aka connection greeting or welcome message).
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retina Network Security Scanner 5.10.14, allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .rws file with a long RWS010 entry.
Stack-based buffer overflow in the GetUID function in src-IL/src/il_dicom.c in DevIL 1.7.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted DICOM file.
Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.
Multiple stack-based buffer overflows in xaudio.dll in Programmed Integration PIPL 2.5.0 and 2.5.0D allow remote attackers to execute arbitrary code via a long string in a (1) .pls or (2) .pl playlist file.
Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side stack overflow exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.
Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.
Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.