openSUSE Leap vulnerabilities
1,896 known vulnerabilities affecting opensuse/leap.
Total CVEs: 1,896
CISA KEV: 18 (actively exploited)
Public exploits: 57
Exploited in wild: 19
Severity breakdown: CRITICAL 202, HIGH 798, MEDIUM 803, LOW 93
Vulnerabilities
Page 77 of 95
CVE-2016-8688 | MEDIUM | CVSS 5.5 | CWE-125 | v42.2 | 2017-02-15
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.
nvd
CVE-2016-7446 | CRITICAL | CVSS 9.8 | v42.1 | 2017-02-06
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
nvd
CVE-2016-7447 | CRITICAL | CVSS 9.8 | CWE-119 | v42.1 | 2017-02-06
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
nvd
CVE-2016-7448 | HIGH | CVSS 7.5 | CWE-399 | v42.1 | 2017-02-06
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
nvd
CVE-2016-7449 | HIGH | CVSS 7.5 | CWE-125 | v42.1 | 2017-02-06
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
nvd
CVE-2016-7800 | HIGH | CVSS 7.5 | CWE-119 | v42.1 | 2017-02-06
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
nvd
CVE-2016-10165 | HIGH | CVSS 7.1 | CWE-125 | v42.1 | 2017-02-03
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
nvd
CVE-2016-8568 | MEDIUM | CVSS 5.5 | CWE-125 | v42.1, v42.2 | 2017-02-03
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.
nvd
CVE-2016-5241 | MEDIUM | CVSS 5.5 | CWE-189 | v42.1 | 2017-02-03
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
nvd
CVE-2016-8569 | MEDIUM | CVSS 5.5 | CWE-476 | v42.1, v42.2 | 2017-02-03
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
nvd
CVE-2016-2317 | MEDIUM | CVSS 5.5 | CWE-119 | v42.1 | 2017-02-03
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
nvd
CVE-2016-2318 | MEDIUM | CVSS 5.5 | CWE-476 | v42.1 | 2017-02-03
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
nvd
CVE-2015-7976 | MEDIUM | CVSS 4.3 | CWE-254 | v42.1 | 2017-01-30
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
nvd
CVE-2016-9436 | MEDIUM | CVSS 6.5 | CWE-20 | v42.2 | 2017-01-20
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag.
nvd
CVE-2016-9435 | MEDIUM | CVSS 6.5 | CWE-20 | v42.2 | 2017-01-20
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to tags.
nvd
CVE-2016-2312 | MEDIUM | CVSS 6.8 | CWE-254 | v42.1 | 2016-12-23
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.
nvd
CVE-2016-7787 | MEDIUM | CVSS 4.9 | CWE-94 | v42.1 | 2016-12-23
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
nvd
CVE-2016-9427 | CRITICAL | CVSS 9.8 | CWE-119 | v42.1, v42.2 | 2016-12-12
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
nvd
CVE-2016-7422 | MEDIUM | CVSS 6.0 | CWE-120 | v42.2 | 2016-12-10
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.
nvd
CVE-2016-7995 | MEDIUM | CVSS 6.0 | CWE-772 | v42.2 | 2016-12-10
Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes.
nvd