It was discovered that libpng incorrectly handled memory when parsing
certain PNG files. If a user or automated system were tricked into opening
a specially crafted PNG file, an attacker could use this issue to cause
libpng to crash, resulting in a denial of service, or possible execute
arbitrary code. (CVE-2017-12652)
Zhengxiong Luo discovered that libpng incorrectly handled memory when parsing
certain PNG files. If a user or automated system were tricked into opening
a specially crafted PNG file, an attacker could use this issue to cause
libpng to crash, resulting in a denial of service, or possible execute
arbitrary code. (CVE-2018-14048)
Several flaws have been discovered in HTCondor, a distributed workload
management system, which allow users with only READ access to any daemon to use
a different authentication method than the administrator has specified. If the
administrator has configured the READ or WRITE methods to include CLAIMTOBE,
then it is possible to impersonate another user and submit or remove jobs.
Felix Wilhelm reported that several buffer handling functions in
libxml2, a library providing support to read, modify and write XML and
HTML files, don’t check for integer overflows, resulting in
out-of-bounds memory writes if specially crafted, multi-gigabyte XML
files are processed. An attacker can take advantage of this flaw for
denial of service or execution of arbitrary code.