Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service.
Michal Zalewski discovered that SQLite3, an implementation of an SQL database engine, did not properly handle precision and width values during floating-point conversions, leading to an integer overflow and a stack-based buffer overflow. This could allow remote attackers to cause a denial of service or possibly have unspecified other impact. Note that this issue had already been fixed for the sta ...
Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, a library for manipulating JPEG-2000 files, which could lead to denial of service or the execution of arbitrary code.
An off-by-one flaw, leading to a heap-based buffer overflow , and an unrestricted stack memory use flaw were found in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result on bypass of security manager restrictions, information disclosure, denial of service or session fixation.