Gnu: Security Vulnerabilities
(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
CVSS Score
7.8
EPSS Score
0.007
Published
2007-04-22
Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories.
CVSS Score
6.6
EPSS Score
0.001
Published
2007-03-07
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
CVSS Score
5.0
EPSS Score
0.183
Published
2007-03-06
GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
CVSS Score
5.0
EPSS Score
0.012
Published
2007-03-06
GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.
CVSS Score
4.6
EPSS Score
0.001
Published
2007-01-17
The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
CVSS Score
5.0
EPSS Score
0.048
Published
2006-12-23
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
CVSS Score
10.0
EPSS Score
0.089
Published
2006-12-07
Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
CVSS Score
10.0
EPSS Score
0.226
Published
2006-11-28
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
CVSS Score
4.0
EPSS Score
0.104
Published
2006-11-24
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.
CVSS Score
5.1
EPSS Score
0.285
Published
2006-11-11