Security Advisories (6)
Buffer overflow in the LWZReadByte_ function in the GD extension in allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
- http://www.postgresql.org/about/news.905
- http://www.securityfocus.com/bid/27163
- http://securitytracker.com/id?1019157
- http://secunia.com/advisories/28359
- http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
- http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
- https://issues.rpath.com/browse/RPL-1768
- http://www.debian.org/security/2008/dsa-1460
- http://www.debian.org/security/2008/dsa-1463
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
- http://www.redhat.com/support/errata/RHSA-2008-0038.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
- http://secunia.com/advisories/28376
- http://secunia.com/advisories/28438
- http://secunia.com/advisories/28437
- http://secunia.com/advisories/28454
- http://secunia.com/advisories/28464
- http://secunia.com/advisories/28477
- http://secunia.com/advisories/28479
- http://secunia.com/advisories/28455
- http://security.gentoo.org/glsa/glsa-200801-15.xml
- http://secunia.com/advisories/28679
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
- http://secunia.com/advisories/28698
- http://www.redhat.com/support/errata/RHSA-2008-0040.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
- http://secunia.com/advisories/29638
- http://www.vupen.com/english/advisories/2008/1071/references
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
- http://www.vupen.com/english/advisories/2008/0109
- http://www.vupen.com/english/advisories/2008/0061
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39499
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804
- https://usn.ubuntu.com/568-1/
- http://www.securityfocus.com/archive/1/486407/100/0/threaded
- http://www.securityfocus.com/archive/1/485864/100/0/threaded
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.
- http://online.securityfocus.com/archive/1/312869
- http://www.iss.net/security_center/static/11381.php
- http://lists.apple.com/mhonarc/security-announce/msg00038.html
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt
- http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc
- http://www.redhat.com/support/errata/RHSA-2003-079.html
- http://www.redhat.com/support/errata/RHSA-2003-081.html
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405
- http://www.kb.cert.org/vuls/id/142121
- http://www.securityfocus.com/bid/6913
- http://www.osvdb.org/6599
- http://marc.info/?l=bugtraq&m=104620610427210&w=2
- http://marc.info/?l=bugtraq&m=104887247624907&w=2
- http://marc.info/?l=bugtraq&m=104610536129508&w=2
- http://marc.info/?l=bugtraq&m=104610337726297&w=2
- http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html
- http://jvn.jp/en/jp/JVN78689801/index.html
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
- http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
- http://www.postgresql.org/about/news.905
- http://www.securityfocus.com/bid/27163
- http://securitytracker.com/id?1019157
- http://secunia.com/advisories/28359
- http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
- https://issues.rpath.com/browse/RPL-1768
- http://www.debian.org/security/2008/dsa-1460
- http://www.debian.org/security/2008/dsa-1463
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
- http://www.redhat.com/support/errata/RHSA-2008-0038.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
- http://secunia.com/advisories/28376
- http://secunia.com/advisories/28438
- http://secunia.com/advisories/28437
- http://secunia.com/advisories/28454
- http://secunia.com/advisories/28464
- http://secunia.com/advisories/28477
- http://secunia.com/advisories/28479
- http://secunia.com/advisories/28455
- http://security.gentoo.org/glsa/glsa-200801-15.xml
- http://secunia.com/advisories/28679
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
- http://secunia.com/advisories/28698
- http://www.redhat.com/support/errata/RHSA-2008-0040.html
- http://www.redhat.com/support/errata/RHSA-2008-0134.html
- http://secunia.com/advisories/29070
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:059
- http://secunia.com/advisories/29248
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
- http://secunia.com/advisories/29638
- http://www.vmware.com/security/advisories/VMSA-2008-0009.html
- http://secunia.com/advisories/30535
- http://www.vupen.com/english/advisories/2008/1071/references
- http://www.vupen.com/english/advisories/2008/0109
- http://www.vupen.com/english/advisories/2008/1744
- http://www.vupen.com/english/advisories/2008/0061
- http://rhn.redhat.com/errata/RHSA-2013-0122.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39497
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11569
- https://usn.ubuntu.com/568-1/
- http://www.securityfocus.com/archive/1/493080/100/0/threaded
- http://www.securityfocus.com/archive/1/486407/100/0/threaded
- http://www.securityfocus.com/archive/1/485864/100/0/threaded
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
- http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
- http://www.postgresql.org/about/news.905
- http://www.securityfocus.com/bid/27163
- http://securitytracker.com/id?1019157
- http://secunia.com/advisories/28359
- http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
- https://issues.rpath.com/browse/RPL-1768
- http://www.debian.org/security/2008/dsa-1460
- http://www.debian.org/security/2008/dsa-1463
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
- http://www.redhat.com/support/errata/RHSA-2008-0038.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
- http://secunia.com/advisories/28376
- http://secunia.com/advisories/28438
- http://secunia.com/advisories/28437
- http://secunia.com/advisories/28454
- http://secunia.com/advisories/28464
- http://secunia.com/advisories/28477
- http://secunia.com/advisories/28479
- http://secunia.com/advisories/28455
- http://security.gentoo.org/glsa/glsa-200801-15.xml
- http://secunia.com/advisories/28679
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
- http://secunia.com/advisories/28698
- http://www.redhat.com/support/errata/RHSA-2008-0040.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
- http://secunia.com/advisories/29638
- http://www.vupen.com/english/advisories/2008/1071/references
- http://www.vupen.com/english/advisories/2008/0109
- http://www.vupen.com/english/advisories/2008/0061
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
- http://rhn.redhat.com/errata/RHSA-2013-0122.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39498
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235
- https://usn.ubuntu.com/568-1/
- http://www.securityfocus.com/archive/1/486407/100/0/threaded
- http://www.securityfocus.com/archive/1/485864/100/0/threaded
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
- https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE
- http://www.securityfocus.com/bid/109269
- https://support.f5.com/csp/article/K88124225
- https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS
- https://security.netapp.com/advisory/ntap-20220506-0003/
NAME
Tk_GetScrollInfo - parse arguments for scrolling commands
SYNOPSIS
#include <tk.h>
int Tk_GetScrollInfo(interp, argc, argv, dblPtr, intPtr)
ARGUMENTS
- Tcl_Interp *interp (in)
-
Interpreter to use for error reporting.
- int argc (in)
-
Number of strings in argv array.
- char *argv[] (in)
-
Argument strings. These represent the entire method, of which the first word is typically the widget name and the second word is typically xview or yview. This procedure parses arguments starting with argv[2].
- double *dblPtr (out)
-
Filled in with fraction from moveto option, if any.
- int *intPtr (out)
-
Filled in with line or page count from scroll option, if any. The value may be negative.
DESCRIPTION
Tk_GetScrollInfo parses the arguments expected by widget scrolling commands such as xview and yview. It receives the entire list of words that make up a method and parses the words starting with argv[2]. The words starting with argv[2] must have one of the following forms:
moveto fraction
scroll number units
scroll number pagesAny of the moveto, scroll, units, and pages keywords may be abbreviated. If argv has the moveto form, TK_SCROLL_MOVETO is returned as result and *dblPtr is filled in with the fraction argument to the command, which must be a proper real value. If argv has the scroll form, TK_SCROLL_UNITS or TK_SCROLL_PAGES is returned and *intPtr is filled in with the number value, which must be a proper integer. If an error occurs in parsing the arguments, TK_SCROLL_ERROR is returned and an error message is left in interp->result.
KEYWORDS
parse, scrollbar, scrolling command, xview, yview
Module Install Instructions
To install Tk, copy and paste the appropriate command in to your terminal.
cpanm Tkperl -MCPAN -e shell
install TkFor more information on module installation, please visit the detailed CPAN module installation guide.