Package: ia32-libs<br>Severity: important<br>Tags: security<br><br>I have
been working on a tool called Clonewise to automatically identify
embedded code copies in Debian packages and determine if they are out of
date and vulnerable. Ideally, embedding code and libraries should be
avoided and a system wide library should be used instead.<br>
<br>I recently ran the tool on Debian 6 stable. The results are here at <a href="http://www.foocodechu.com/downloads/Clonewise-report.txt" target="_blank">http://www.foocodechu.com/downloads/Clonewise-report.txt</a><b><br>
<br></b>The ia32-libs package reported potential issues appended to this message.<br><br>The
analysis tries to justify why it believes a library or code is embedded
in the package and if the relationship is not already being tracked by
Debian in the embedded-code-copies database it shows the files that are
shared between the two pieces of software.<br>
<br>Apologies if these are false positives. Your help in advising me on
whether these issues are real will help me improve the analysis for the
future.<br><br>--<br>Silvio Cesare<br>Deakin University<br><br><pre>### Summary:
###</pre><pre>libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0205
openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0211
openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0212
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0433
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0628
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0629
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0740
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0742
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-1205
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-1320
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-1322
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2067
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2233
avahi CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2244
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2249
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2443
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2498
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2499
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2500
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2519
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2520
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2541
libmikmod CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2546
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2596
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2597
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2805
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2806
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2808
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2939
libmikmod CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2971
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3053
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3054
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3311
pam CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3316
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3814
pam CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3853
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3855
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3864
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-4665
pam CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-4706
pam CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-4707
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0014
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0226
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0284
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0285
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0408
avahi CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1002
openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1024
openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1025
openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1081
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1167
dbus CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-2200
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-2501
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-2691
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-2692
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-3048
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-3207
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-3328
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-4354
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-1012
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-1013
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-1165
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-2110
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-2131</pre><br><pre># Package ia32-libs may be vulnerable to the following issues:
#
CVE-2010-0205
CVE-2010-0211
CVE-2010-0212
CVE-2010-0433
CVE-2010-0628
CVE-2010-0629
CVE-2010-0740
CVE-2010-0742
CVE-2010-1205
CVE-2010-1320
CVE-2010-1322
CVE-2010-2067
CVE-2010-2233
CVE-2010-2244
CVE-2010-2249
CVE-2010-2443
CVE-2010-2498
CVE-2010-2499
CVE-2010-2500
CVE-2010-2519
CVE-2010-2520
CVE-2010-2541
CVE-2010-2546
CVE-2010-2596
CVE-2010-2597
CVE-2010-2805
CVE-2010-2806
CVE-2010-2808
CVE-2010-2939
CVE-2010-2971
CVE-2010-3053
CVE-2010-3054
CVE-2010-3311
CVE-2010-3316
CVE-2010-3814
CVE-2010-3853
CVE-2010-3855
CVE-2010-3864
CVE-2010-4665
CVE-2010-4706
CVE-2010-4707
CVE-2011-0014
CVE-2011-0226
CVE-2011-0284
CVE-2011-0285
CVE-2011-0408
CVE-2011-1002
CVE-2011-1024
CVE-2011-1025
CVE-2011-1081
CVE-2011-1167
CVE-2011-2200
CVE-2011-2501
CVE-2011-2691
CVE-2011-2692
CVE-2011-3048
CVE-2011-3207
CVE-2011-3328
CVE-2011-4354
CVE-2012-1012
CVE-2012-1013
CVE-2012-1165
CVE-2012-2110
CVE-2012-2131
<br>### Reports by package:
###
# SUMMARY: The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
#
# CVE-2010-0205 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
# pngrutil.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0205
# SUMMARY: The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
#
# CVE-2010-0211 relates to a vulnerability in package openldap.
# The following source filenames are likely responsible:
# modrdn.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0211
# SUMMARY: OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.
#
# CVE-2010-0212 relates to a vulnerability in package openldap.
# The following source filenames are likely responsible:
# schemainit.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0212
# SUMMARY: The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
#
# CVE-2010-0433 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
# kssl.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0433
# SUMMARY: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.
#
# CVE-2010-0628 relates to a vulnerability in package krb5.
# The following source filenames are likely responsible:
# spnegomech.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0628
# SUMMARY: Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
#
# CVE-2010-0629 relates to a vulnerability in package krb5.
# The following source filenames are likely responsible:
# serverstubs.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0629
# SUMMARY: The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.
#
# CVE-2010-0740 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
# spkt.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0740
# SUMMARY: The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.
#
# CVE-2010-0742 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
# cmsasn.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-0742
# SUMMARY: Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
#
# CVE-2010-1205 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
# pngpread.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-1205
# SUMMARY: Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.
#
# CVE-2010-1320 relates to a vulnerability in package krb5.
# The following source filenames are likely responsible:
# dotgsreq.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-1320
# SUMMARY: The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.
#
# CVE-2010-1322 relates to a vulnerability in package krb5.
# The following source filenames are likely responsible:
# kdcauthdata.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-1322
# SUMMARY: Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.
#
# CVE-2010-2067 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
# tifdirread.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2067
# SUMMARY: tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."
#
# CVE-2010-2233 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
# tifgetimage.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2233
# SUMMARY: The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081.
#
# CVE-2010-2244 relates to a vulnerability in package avahi.
# The following source filenames are likely responsible:
# socket.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
avahi CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2244
# SUMMARY: Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
#
# CVE-2010-2249 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
# pngrutil.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2249
# SUMMARY: The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.
#
# CVE-2010-2443 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
# tifojpeg.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2443
# SUMMARY: The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.
#
# CVE-2010-2498 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# pshalgo.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2498
# SUMMARY: Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.
#
# CVE-2010-2499 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# ftobjs.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2499
# SUMMARY: Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
#
# CVE-2010-2500 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# ftgrays.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2500
# SUMMARY: Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.
#
# CVE-2010-2519 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# ftobjs.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2519
# SUMMARY: Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
#
# CVE-2010-2520 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# ttinterp.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2520
# SUMMARY: Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
#
# CVE-2010-2541 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# ftmulti.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2541
# SUMMARY: Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
#
# CVE-2010-2546 relates to a vulnerability in package libmikmod.
# The following source filenames are likely responsible:
# loadit.c
#
# The following package clones are NOT tracked in the embedded-code-copies
# database.
#
libmikmod CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2546
MATCH dlhpux.c/dlhpux.c (8.423981)
MATCH drvaf.c/drvaf.c (9.117128)
MATCH drvaix.c/drvaix.c (9.117128)
MATCH drvalsa.c/drvalsa.c (9.117128)
MATCH drvdart.c/drvdart.c (9.117128)
MATCH drvds.c/drvds.c (9.117128)
MATCH drvesd.c/drvesd.c (9.117128)
MATCH drvhp.c/drvhp.c (9.117128)
MATCH drvmac.c/drvmac.c (9.117128)
MATCH drvnos.c/drvnos.c (8.423981)
MATCH drvoss.c/drvos.c (9.117128)
MATCH drvpipe.c/drvpipe.c (9.117128)
MATCH drvraw.c/drvraw.c (8.711663)
MATCH drvsam.c/drvsam.c (9.117128)
MATCH drvsgi.c/drvsgi.c (9.117128)
MATCH drvstdout.c/drvstdout.c (9.117128)
MATCH drvsun.c/drvsun.c (9.117128)
MATCH drvultra.c/drvultra.c (9.117128)
MATCH drvwav.c/drvwav.c (9.117128)
MATCH drvwin.c/drvwin.c (9.117128)
MATCH load.c/bload.c (8.200837)
MATCH loadamf.c/loadamf.c (8.018516)
MATCH loaddsm.c/loaddsm.c (8.018516)
MATCH loadfar.c/loadfar.c (8.018516)
MATCH loadgdm.c/loadgdm.c (8.423981)
MATCH loadit.c/loadit.c (7.730834)
MATCH loadm.c/load.c (5.225307)
MATCH loadmed.c/loadmed.c (8.018516)
MATCH loadmtm.c/loadmtm.c (7.864365)
MATCH loadokt.c/loadokt.c (8.018516)
MATCH loadstx.c/loadstm.c (7.864365)
MATCH loadult.c/loadult.c (7.864365)
MATCH loaduni.c/loaduni.c (8.423981)
MATCH loadxm.c/loadm.c (8.423981)
MATCH mdreg.c/mdreg.c (8.423981)
MATCH mdriver.c/driver.c (5.195155)
MATCH mdulaw.c/mdulaw.c (9.117128)
MATCH memcmp.c/memcmp.c (5.332938)
MATCH mloader.c/mloader.c (8.018516)
MATCH mlutil.c/mlutil.c (8.018516)
MATCH mmalloc.c/emalloc.c (7.412380)
MATCH mmerror.c/merror.c (7.613050)
MATCH mmio.c/mmio.c (6.865836)
MATCH mplayer.c/mplayer.c (7.102225)
MATCH munitrk.c/munitrk.c (8.018516)
MATCH mwav.c/mwav.c (8.423981)
MATCH npertab.c/npertab.c (8.423981)
MATCH strcasecmp.c/cstrcasecmp.c (6.719233)
MATCH strdup.c/estrdup.c (8.018516)
MATCH strstr.c/cstrstr.c (8.423981)
MATCH virtch.c/virtch.c (8.423981)
MATCH virtchcommon.c/virtchcommon.c (8.423981)
# SUMMARY: The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input."
#
# CVE-2010-2596 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
# tifojpeg.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2596
# SUMMARY: The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error.
#
# CVE-2010-2597 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
# tifstrip.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2597
# SUMMARY: The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
#
# CVE-2010-2805 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# ftstream.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2805
# SUMMARY: Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.
#
# CVE-2010-2806 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# tparse.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2806
# SUMMARY: Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.
#
# CVE-2010-2808 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# ftobjs.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2808
# SUMMARY: Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.
#
# CVE-2010-2939 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
# sclnt.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2939
# SUMMARY: loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
#
# CVE-2010-2971 relates to a vulnerability in package libmikmod.
# The following source filenames are likely responsible:
# loadit.c
#
# The following package clones are NOT tracked in the embedded-code-copies
# database.
#
libmikmod CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-2971
MATCH dlhpux.c/dlhpux.c (8.423981)
MATCH drvaf.c/drvaf.c (9.117128)
MATCH drvaix.c/drvaix.c (9.117128)
MATCH drvalsa.c/drvalsa.c (9.117128)
MATCH drvdart.c/drvdart.c (9.117128)
MATCH drvds.c/drvds.c (9.117128)
MATCH drvesd.c/drvesd.c (9.117128)
MATCH drvhp.c/drvhp.c (9.117128)
MATCH drvmac.c/drvmac.c (9.117128)
MATCH drvnos.c/drvnos.c (8.423981)
MATCH drvoss.c/drvos.c (9.117128)
MATCH drvpipe.c/drvpipe.c (9.117128)
MATCH drvraw.c/drvraw.c (8.711663)
MATCH drvsam.c/drvsam.c (9.117128)
MATCH drvsgi.c/drvsgi.c (9.117128)
MATCH drvstdout.c/drvstdout.c (9.117128)
MATCH drvsun.c/drvsun.c (9.117128)
MATCH drvultra.c/drvultra.c (9.117128)
MATCH drvwav.c/drvwav.c (9.117128)
MATCH drvwin.c/drvwin.c (9.117128)
MATCH load.c/bload.c (8.200837)
MATCH loadamf.c/loadamf.c (8.018516)
MATCH loaddsm.c/loaddsm.c (8.018516)
MATCH loadfar.c/loadfar.c (8.018516)
MATCH loadgdm.c/loadgdm.c (8.423981)
MATCH loadit.c/loadit.c (7.730834)
MATCH loadm.c/load.c (5.225307)
MATCH loadmed.c/loadmed.c (8.018516)
MATCH loadmtm.c/loadmtm.c (7.864365)
MATCH loadokt.c/loadokt.c (8.018516)
MATCH loadstx.c/loadstm.c (7.864365)
MATCH loadult.c/loadult.c (7.864365)
MATCH loaduni.c/loaduni.c (8.423981)
MATCH loadxm.c/loadm.c (8.423981)
MATCH mdreg.c/mdreg.c (8.423981)
MATCH mdriver.c/driver.c (5.195155)
MATCH mdulaw.c/mdulaw.c (9.117128)
MATCH memcmp.c/memcmp.c (5.332938)
MATCH mloader.c/mloader.c (8.018516)
MATCH mlutil.c/mlutil.c (8.018516)
MATCH mmalloc.c/emalloc.c (7.412380)
MATCH mmerror.c/merror.c (7.613050)
MATCH mmio.c/mmio.c (6.865836)
MATCH mplayer.c/mplayer.c (7.102225)
MATCH munitrk.c/munitrk.c (8.018516)
MATCH mwav.c/mwav.c (8.423981)
MATCH npertab.c/npertab.c (8.423981)
MATCH strcasecmp.c/cstrcasecmp.c (6.719233)
MATCH strdup.c/estrdup.c (8.018516)
MATCH strstr.c/cstrstr.c (8.423981)
MATCH virtch.c/virtch.c (8.423981)
MATCH virtchcommon.c/virtchcommon.c (8.423981)
# SUMMARY: bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.
#
# CVE-2010-3053 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# bdflib.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3053
# SUMMARY: Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.
#
# CVE-2010-3054 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# cffgload.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3054
# SUMMARY: Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.
#
# CVE-2010-3311 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# ftstream.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3311
# SUMMARY: The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.
#
# CVE-2010-3316 relates to a vulnerability in package pam.
# The following source filenames are likely responsible:
# pamxauth.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
pam CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3316
# SUMMARY: Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.
#
# CVE-2010-3814 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# ttinterp.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3814
# SUMMARY: pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.
#
# CVE-2010-3853 relates to a vulnerability in package pam.
# The following source filenames are likely responsible:
# pamnamespace.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
pam CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3853
# SUMMARY: Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.
#
# CVE-2010-3855 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# ttgxvar.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3855
# SUMMARY: Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
#
# CVE-2010-3864 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
# tlib.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-3864
# SUMMARY: Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries.
#
# CVE-2010-4665 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
# tiffdump.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-4665
# SUMMARY: The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check.
#
# CVE-2010-4706 relates to a vulnerability in package pam.
# The following source filenames are likely responsible:
# pamxauth.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
pam CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-4706
# SUMMARY: The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file.
#
# CVE-2010-4707 relates to a vulnerability in package pam.
# The following source filenames are likely responsible:
# pamxauth.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
pam CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2010-4707
# SUMMARY: ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."
#
# CVE-2011-0014 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
# tlib.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0014
# SUMMARY: Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
#
# CVE-2011-0226 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# tdecode.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
freetype CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0226
# SUMMARY: Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.
#
# CVE-2011-0284 relates to a vulnerability in package krb5.
# The following source filenames are likely responsible:
# doasreq.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0284
# SUMMARY: The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.
#
# CVE-2011-0285 relates to a vulnerability in package krb5.
# The following source filenames are likely responsible:
# schpw.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0285
# SUMMARY: pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information.
#
# CVE-2011-0408 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
# pngrtran.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-0408
# SUMMARY: avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
#
# CVE-2011-1002 relates to a vulnerability in package avahi.
# The following source filenames are likely responsible:
# socket.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
avahi CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1002
# SUMMARY: chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
#
# CVE-2011-1024 relates to a vulnerability in package openldap.
# The following source filenames are likely responsible:
# chain.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1024
# SUMMARY: bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
#
# CVE-2011-1025 relates to a vulnerability in package openldap.
# The following source filenames are likely responsible:
# bind.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1025
# SUMMARY: modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
#
# CVE-2011-1081 relates to a vulnerability in package openldap.
# The following source filenames are likely responsible:
# modrdn.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
openldap CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1081
# SUMMARY: Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
#
# CVE-2011-1167 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
# tifthunder.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
tiff CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-1167
# SUMMARY: The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.
#
# CVE-2011-2200 relates to a vulnerability in package dbus.
# The following source filenames are likely responsible:
# dbusmarshalheader.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
dbus CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-2200
# SUMMARY: The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression.
#
# CVE-2011-2501 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
# pngerror.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-2501
# SUMMARY: The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.
#
# CVE-2011-2691 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
# pngerror.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-2691
# SUMMARY: The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
#
# CVE-2011-2692 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
# pngrutil.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-2692
# SUMMARY: The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
#
# CVE-2011-3048 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
# pngset.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-3048
# SUMMARY: crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
#
# CVE-2011-3207 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
# xvfy.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-3207
# SUMMARY: The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.
#
# CVE-2011-3328 relates to a vulnerability in package libpng.
# The following source filenames are likely responsible:
# pngrutil.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
libpng CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-3328
# SUMMARY: crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.
#
# CVE-2011-4354 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
# bnnist.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2011-4354
# SUMMARY: server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.
#
# CVE-2012-1012 relates to a vulnerability in package krb5.
# The following source filenames are likely responsible:
# serverstubs.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-1012
# SUMMARY: The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.
#
# CVE-2012-1013 relates to a vulnerability in package krb5.
# The following source filenames are likely responsible:
# svrprincipal.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
krb5 CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-1013
# SUMMARY: The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
#
# CVE-2012-1165 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
# asnmime.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-1165
# SUMMARY: The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
#
# CVE-2012-2110 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
# adifp.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-2110
# SUMMARY: Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.
#
# CVE-2012-2131 relates to a vulnerability in package openssl.
# The following source filenames are likely responsible:
# buffer.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
openssl CLONED_IN_SOURCE ia32-libs <unfixed> CVE-2012-2131</pre><br>