It was discovered that GnuPG 2 uses a freed pointer when verifying a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution.

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems:

Aki Helin discovered an integer underflow in ncompress, the original Lempel-Ziv compress/uncompress programs. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive.

Florian Streibelt reported a directory traversal flaw in the way the Mailing List Managing Made Joyful mailing list manager processed users' requests originating from the administrator web interface without enough input validation. A remote, authenticated attacker could use these flaws to write and/or delete arbitrary files.

Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems:

Dyon Balding discovered buffer overflows in the MikMod sound library, which could lead to the execution of arbitrary code if a user is tricked into opening malformed Impulse Tracker or Ultratracker sound files.

Robert Swiecki discovered several vulnerabilities in the FreeType font library, which could lead to the execution of arbitrary code if a malformed font file is processed.

It was discovered that znc, an IRC bouncer, is vulnerable to denial of service attacks via a NULL pointer dereference when traffic statistics are requested while there is an unauthenticated connection.

Matt Giuca discovered a buffer overflow in python-cjson, a fast JSON encoder/decoder for Python. This allows a remote attacker to cause a denial of service (application crash) through a specially-crafted Python script.

Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer. It was discovered that null pointer dereferences, buffer overflows and infinite loops in the SMB, SMB PIPE, ASN1.1 and SigComp dissectors could lead to denial of service or the execution of arbitrary code.