Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 27161 of 28407

CVE-2017-13144

Posted by Cyberthreat Blog | Aug 23, 2017 | CVE Notifications |

In ImageMagick before 6.9.7-10, there is a crash (rather than a “width or height exceeds limit” error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.

Malicious script dropping an executable signed by Avast?, (Wed, Aug 23rd)

Posted by Cyberthreat Blog | Aug 23, 2017 | SANS ISC Bulletins |

Yesterday, I found an interesting sample that I started to analyze… It reached my spam trap attached to an email in Portuguese with the subject: “Venho por meio desta solicitar orçamento dos produtos” (“I hereby...

CVE-2017-13130

Posted by Cyberthreat Blog | Aug 22, 2017 | CVE Notifications |

mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring.

CVE-2017-13134

Posted by Cyberthreat Blog | Aug 22, 2017 | CVE Notifications |

In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-13133

Posted by Cyberthreat Blog | Aug 22, 2017 | CVE Notifications |

In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.

Author: Cyberthreat Blog

CVE-2017-13144

Malicious script dropping an executable signed by Avast?, (Wed, Aug 23rd)

CVE-2017-13130

CVE-2017-13134

CVE-2017-13133