Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2010-11-05	CVE-2010-2941	Use After Free vulnerability in multiple products ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. network low complexity apple fedoraproject canonical debian opensuse suse redhat CWE-416 critical	9.8
2010-06-30	CVE-2010-1205	Classic Buffer Overflow vulnerability in multiple products Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. network low complexity libpng google apple fedoraproject suse opensuse vmware canonical debian mozilla CWE-120 critical	9.8
2008-01-18	CVE-2007-6427	Out-Of-Bounds Write vulnerability in multiple products The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. network x-org canonical debian apple fedoraproject opensuse suse CWE-787 critical	9.3